Hi Sephe,
I think I've tackled all the points you mentioned:
http://leaf.dragonflybsd.org/~tuxillo/archive/patches/bpf_token03.diff
I've also found a place where bpf_token might be needed. Not sure either
whether we would need to check all the bpf_tap(), bpf_mtap() and
bpf_ptap() calls to see if they're properly protected.
diff --git a/sys/net/if_loop.c b/sys/net/if_loop.c
index e3f6724..a58d943 100644
--- a/sys/net/if_loop.c
+++ b/sys/net/if_loop.c
@@ -199,7 +199,7 @@ if_simloop(struct ifnet *ifp, struct mbuf *m, int af,
int hlen)
}
if (ifp->if_bpf) {
- get_mplock();
+ lwkt_gettoken(&bpf_token);
/* Re-check */
if (ifp->if_bpf == NULL)
@@ -212,7 +212,7 @@ if_simloop(struct ifnet *ifp, struct mbuf *m, int af,
int hlen)
bpf_mtap(ifp->if_bpf, m);
}
rel:
- rel_mplock();
+ lwkt_reltoken(&bpf_token);
}
/* Strip away media header */
Cheers,
Antonio Huete
I have looked at the patch. I think there are still something missing:
- bpf code actually assumes that mplock is held on the device node
interfaces, so you probably need to protect them w/ the bpf token.
- bpfattach/bpfdetach should probably be protected by bpf token
- Macros like BPF_TAP() and ETHER_BPF_MTAP() probably will need the
check-hold_token-recheck sequence, e.g.:
if (ifp->if_bpf) {
bpf_gettoken();
if (ifp->if_bpf)
bpf_tap(...);
bpf_reltoken();
}
Best Regards,
sephe
