this is a small chunk to help sashan@ out with some of the pf ioctl work
he is doing.

he is looking at allocating config over multiple ioctls, and would like
to be able to throw it away in situations such as when the userland program
creating the state goes away. with the current vnode and device special
semantics, only the last close will call pfclose, which is a nice place
to do cleanup. if a long running process has /dev/pf open, then he'll
never be able to clean up.

cloning also turns the dev_t into a nice identifier to use to
associate these allocations with, which makes the cleanup more robust.
using something like the pid or curproc allows for userland to confuse
pf too easily.

ok?

Index: sys/conf.h
===================================================================
RCS file: /cvs/src/sys/sys/conf.h,v
retrieving revision 1.159
diff -u -p -r1.159 conf.h
--- sys/conf.h  2 Sep 2022 20:06:56 -0000       1.159
+++ sys/conf.h  6 Nov 2022 12:42:29 -0000
@@ -358,7 +358,7 @@ extern struct cdevsw cdevsw[];
        dev_init(c,n,open), dev_init(c,n,close), (dev_type_read((*))) enodev, \
        (dev_type_write((*))) enodev, dev_init(c,n,ioctl), \
        (dev_type_stop((*))) enodev, 0, \
-       (dev_type_mmap((*))) enodev }
+       (dev_type_mmap((*))) enodev, 0, D_CLONE }
 
 /* open, close, read, write, ioctl, kqfilter */
 #define        cdev_usbdev_init(c,n) { \
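Review bot: The name of the macro that gains `D_CLONE` lies above this hunk, so confirm that pf is the only driver initialised through it; any other device sharing this initialiser would become a cloning device as well and start seeing per-open minors. The two added values are positional, so the `0` before `D_CLONE` depends on the field order of `struct cdevsw`, and a trailing comment such as `/* d_type, d_flags */` would make the intent explicit. If the macro carries a summary comment like the `/* open, close, read, write, ioctl, kqfilter */` one on the next macro, it should also mention that the device clones.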
Index: net/pf_ioctl.c
===================================================================
RCS file: /cvs/src/sys/net/pf_ioctl.c,v
retrieving revision 1.385
diff -u -p -r1.385 pf_ioctl.c
--- net/pf_ioctl.c      6 Aug 2022 15:57:58 -0000       1.385
+++ net/pf_ioctl.c      6 Nov 2022 12:42:29 -0000
@@ -54,6 +54,7 @@
 #include <sys/proc.h>
 #include <sys/rwlock.h>
 #include <sys/syslog.h>
+#include <sys/specdev.h>
 #include <uvm/uvm_extern.h>
 
 #include <crypto/md5.h>
@@ -265,16 +266,17 @@ pfattach(int num)
 int
 pfopen(dev_t dev, int flags, int fmt, struct proc *p)
 {
-       if (minor(dev) >= 1)
+       int unit = minor(dev);
+
+       if (unit & ((1 << CLONE_SHIFT) - 1))
                return (ENXIO);
+
        return (0);
 }
 
 int
 pfclose(dev_t dev, int flags, int fmt, struct proc *p)
 {
-       if (minor(dev) >= 1)
-               return (ENXIO);
        return (0);
 }
 
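Review bot: The test `unit & ((1 << CLONE_SHIFT) - 1)` in pfopen relies on the clone instance living in the bits at and above `CLONE_SHIFT`, and nothing in the function says so; a comment such as `/* only unit 0 exists; bits from CLONE_SHIFT up are the clone instance */` would make the check reviewable. The local is named `unit` but holds the whole minor including the clone bits, so `minor`-style naming or a masked value would read more accurately. pfclose now accepts every dev_t unchecked, which holds only as long as close is reached solely for a dev that pfopen accepted. Once per-open state is keyed on dev, as the description plans, the lookup in pfclose should fail safely for a dev that has no associated state.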
