Subject: kern/4190: if_de and bpf can cause kernel panic
To: None <>
From: Matthias Scheler <>
List: netbsd-bugs
Date: 09/30/1997 01:55:27
>Number:         4190
>Category:       kern
>Synopsis:       if_de and bpf can cause kernel panic
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Sep 29 17:05:01 1997
>Originator:     Matthias Scheler
Mario Kemper Maintenance Project
>Release:        970923
NetBSD colwyn 1.2G NetBSD 1.2G (COLWYN) #1: Tue Sep 30 01:36:42 MEST 1997     tron@colwyn:/home/src/sys/arch/i386/compile/COLWYN i386

Under certain conditions "if_de.c" calls bpf_mtap() with a null pointer
as argument for "struct mbuf *m". Because other network interface drivers
seem to share this problem a NULL pointer check in bpf_mtap() is IMHO
the best solution.

Boot a system with two unplugged DEC 21x4x based ethernet cards and start
"dhcpd" via "/etc/rc". The system will panic with a VM fault in "m_xhalf".

*** src/sys/net/bpf.c.orig	Mon Mar 17 13:33:08 1997
--- src/sys/net/bpf.c	Tue Sep 30 01:36:13 1997
*************** bpf_mtap(arg, m)
*** 1075,1080 ****
--- 1075,1082 ----
  	size_t pktlen, slen;
  	struct mbuf *m0;
+ 	if (m == 0) return;
  	pktlen = 0;
  	for (m0 = m; m0 != 0; m0 = m0->m_next)
  		pktlen += m0->m_len;
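
Review bot: the added `if (m == 0) return;` in bpf_mtap() returns silently, so the underlying driver bug named in the report (if_de.c passing a null `struct mbuf *m`) stays hidden once this lands. Keep the guard as defence in depth, but also fix the caller and consider logging when the guard triggers so other affected drivers can be found. The visible loop `for (m0 = m; m0 != 0; m0 = m0->m_next)` already tolerates a null `m` and leaves `pktlen` at 0, so the guard is protecting code that runs after the length computation; a one-line comment above the check saying which later access it protects would make that clear. Style: put `return;` on its own line and separate the check from the declarations with a blank line.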