OpenBSD cvs log

created 2020-01-27T23:03:28Z
begin 2019-11-19T00:00:00Z
end 2019-11-19T00:06:26Z
path src/sys
commits 1

date 2019-11-19T00:06:26Z
author dlg
files src/sys/net/if_tun.c log diff annotate
message take care to avoid a race when creating the same interface.

it was possible for multiple tun0 interfaces to be created concurrently,
which confused the pf_if code. when concurrent tun0 interfaces were
created, the pf_if code tried to add an addrhook for each interface,
but because they shared a name the two hooks ended up on one
interface. if the interface with two addrhooks was destroyed,
KASSERT(TAILQ_EMPTY(&ifp->if_addrhooks)) would trip. before the
KASSERT existed, we'd blindly free a tailq head, which would corrupt
the list, which would cause faults in pfi_detach_ifnet() anyway.

so now we take more care to ensure multiple tun0 interfaces cannot
exist concurrently.

inserting a tun or tap interface into the list of tun or tap
interfaces now checks to ensure that an interface with the same
unit number doesnt already exist. if an existing interface is found,
insert errors with EEXIST and the callers can unwind. the tunopen
and tapopen paths cope with losing the race.

Reported-by: syzbot+2b26012b9ea93834723e@syzkaller.appspotmail.com
sashan@ made a reliable test that could produce the failures
ok sashan@