destroy_nmdm function in wifibox does the opposite of what is expected #104

@MegaManSec

Description

The destroy_nmdm function in sbin/wifibox does the opposite of what it is intended to do.

An nmdm device is created upon any access to /dev/nmdm.. -- this includes by test -c and even rm. When destroy_nmdm is run, it effectively: creates the /dev/nmdm devices, removes the entries from /dev/, and believes the device is destroyed. This behavior can be seen by showing that removing any /dev/nmdm.. always "succeeds", because the device is created and is immediately removed:

user@evilco:~$ ls /dev/nmdm*
user@evilco:~$ sudo rm /dev/nmdmUA # created and deleted2
user@evilco:~$ sudo rm /dev/doesnotexist
rm: /dev/doesnotexist: No such file or directory

However, removing the device from /dev/ does not destroy the device. Although the existence of the device is opaque to the filesystem, it still exists: in a state which cannot easily be destroyed now that its file in the devfs has been deleted. This means that the kernel module cannot be unloaded either, since the device still exists.

At the moment, it is not possible to start wifibox, stop wifibox, and then unload the nmdm kernel module. It fails because the ghost device is created by the destroy_nmdm function (fixed in freebsd/freebsd-src#1367). A similar example:

user@evilco:~$ sudo kldload nmdm
user@evilco:~$ sudo kldunload nmdm
user@evilco:~$ sudo kldload nmdm
user@evilco:~$ [ -e /dev/nmdmAA ] && echo exists
user@evilco:~$ sudo kldunload nmdm
kldunload: can't unload file: Device busy

I propose removing the destroy_nmdm function completely. When the VM is destroyed, it already closes the nmdm device.
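
An added example, not part of the original report and not wifibox code: one way for a script to ask whether an nmdm node is already listed without looking it up by name the way test -c and rm do. The function name nmdm_listed is hypothetical, and the example assumes that enumerating the directory (as the ls /dev/nmdm* call above does) does not create a device; the demo runs on a scratch directory standing in for /dev.

```shell
#!/bin/sh
# Added example (not wifibox code). Assumption: a glob over the directory
# only enumerates existing entries and does not trigger nmdm creation,
# unlike a lookup by name such as `test -c /dev/nmdmUA` or `rm /dev/nmdmUA`.

# nmdm_listed DIR NAME
# Returns 0 if NAME is currently listed in DIR, 1 if not, 2 on bad input.
nmdm_listed() {
    dir=$1
    name=$2
    # Accept only plain nmdm node names, so no glob characters or path
    # separators reach the comparison below.
    case $name in
        "") return 2 ;;
        nmdm*[!A-Za-z0-9]*) return 2 ;;
        nmdm?*) ;;
        *) return 2 ;;
    esac
    for path in "$dir"/nmdm*; do
        # Compare strings only; "$dir/$name" itself is never stat'ed or
        # opened. With no matches the pattern stays literal ("nmdm*") and
        # cannot equal a validated name.
        [ "${path##*/}" = "$name" ] && return 0
    done
    return 1
}

# Constructed demo: a scratch directory stands in for /dev.
demo=$(mktemp -d)
: > "$demo/nmdmUA"
nmdm_listed "$demo" nmdmUA && echo "nmdmUA: listed"
nmdm_listed "$demo" nmdmUB || echo "nmdmUB: not listed, and never looked up by name"
rm -rf "$demo"
```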

Labels: bug (Something isn't working)