[Bug 220404] head -r319722 or -r320224 related changes break powerpc production-style kernel operation: bad function pointer
bugzilla-noreply at freebsd.org
Sat Jul 1 02:08:39 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220404
--- Comment #1 from Mark Millard <markmi at dsl-only.net> ---
(In reply to Mark Millard from comment #0)
Some other supporting code details follow.

static struct socket *
soalloc(struct vnet *vnet)
{
    struct socket *so;

    so = uma_zalloc(socket_zone, M_NOWAIT | M_ZERO);
    . . .
    so->so_rcv.sb_sel = &so->so_rdsel;
    so->so_snd.sb_sel = &so->so_wrsel;
    . . .

That so->so_rcv.sb_sel assignment makes so->sol_upcall
non-NULL and so appear to be defined for use.
And that makes the following code problematical:

void
solisten_wakeup(struct socket *sol)
{
    if (sol->sol_upcall != NULL)
        (void )sol->sol_upcall(sol, sol->sol_upcallarg, M_NOWAIT);
    else {
    . . .

And this code is what is failing on production 32-bit
powerpc kernels.
There could be more anonymous struct field problems in
the union that is in struct socket. I've not checked.
I'll note that the only references to sol_upcall are:

# grep -r "\<sol_upcall" /usr/src/sys/* | more
/usr/src/sys/kern/uipc_socket.c:    if (sol->sol_upcall != NULL)
/usr/src/sys/kern/uipc_socket.c:    (void )sol->sol_upcall(sol, sol->sol_upcallarg, M_NOWAIT);
/usr/src/sys/kern/uipc_socket.c:    so->sol_upcall = func;
/usr/src/sys/kern/uipc_socket.c:    so->sol_upcallarg = arg;
/usr/src/sys/sys/socketvar.h:    so_upcall_t *sol_upcall;    /* (e) */
/usr/src/sys/sys/socketvar.h:    void *sol_upcallarg;    /* (e) */

None of those assign NULL.
If NULL was assigned then ->so_rcv.sb_sel would
also become NULL in value.
--
You are receiving this mail because:
You are the assignee for the bug.
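
The aliasing described in the comment above, as an added example that is not part of the original message or of FreeBSD's source: a simplified C model in which `so_rcv.sb_sel` and `sol_upcall` share union storage, so the NULL test passes on a socket whose upcall was never set. The struct layout, the `model_*` function names and the reset step are assumptions made for illustration.

```c
/* Simplified model, not FreeBSD source; layout and model_* names are assumed. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

struct selinfo { int si_dummy; };
struct sockbuf { struct selinfo *sb_sel; };	/* sb_sel assumed to be first */
struct socket;
typedef int so_upcall_t(struct socket *, void *, int);
struct socket {
	struct selinfo so_rdsel;
	union {
		struct { struct sockbuf so_rcv; };	/* data-socket view */
		struct { so_upcall_t *sol_upcall; void *sol_upcallarg; }; /* listen view */
	};
};

static struct socket *model_soalloc(void)	/* mirrors the soalloc() excerpt */
{
	struct socket *so = calloc(1, sizeof(*so));	/* zeroed, like M_ZERO */
	if (so != NULL)
		so->so_rcv.sb_sel = &so->so_rdsel;
	return so;
}

static int model_fields_alias(void)	/* 1 if both fields share storage */
{
	return offsetof(struct socket, so_rcv) == offsetof(struct socket, sol_upcall);
}

/* The NULL test that solisten_wakeup() relies on in the excerpt. */
static int model_upcall_set(const struct socket *so) { return so->sol_upcall != NULL; }

static void model_become_listener(struct socket *so)
{
	so->sol_upcall = NULL;	/* hypothetical reset; also clears so_rcv.sb_sel */
	so->sol_upcallarg = NULL;
}

int main(void)
{
	struct socket *so = model_soalloc();
	if (so == NULL) return 1;
	printf("alias=%d stale_upcall=%d\n", model_fields_alias(), model_upcall_set(so));
	model_become_listener(so);
	printf("after reset: upcall=%d sb_sel=%p\n", model_upcall_set(so), (void *)so->so_rcv.sb_sel);
	free(so);
	return 0;
}
```

In this model the reset is only safe once the data-socket view is no longer in use, since it overwrites `so_rcv.sb_sel` through the shared storage.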