svn commit: r186493 - head/sys/kern

Robert Watson rwatson at FreeBSD.org
Thu Dec 25 11:32:38 UTC 2008 

Author: rwatson
Date: Thu Dec 25 11:32:38 2008
New Revision: 186493
URL: http://svn.freebsd.org/changeset/base/186493

Log:
  Following the recent security advisory, add a comment describing our
  invariants and approach for protocol switch methods in protsw_init(),
  and also some KASSERT's for non-domain init entries in protocol
  switch tables: pru_abort and pru_send must both be implemented.
  
  For now, leave those assertions #if 0'd, since there are a few
  protocols that violate them in non-harmful ways.  Whether or not we
  should enforce pru_abort being implemented for non-stream protocols
  is an interesting question: currently abort is only invoked on stream
  sockets in situations where un-accepted sockets must be abruptly
  closed (i.e., close() on a listen socket with pending connections),
  but in principle it is useful for datagram sockets and most datagram
  socket types implement it.
  
  MFC after:	3 weeks

Modified:
  head/sys/kern/uipc_domain.c

Modified: head/sys/kern/uipc_domain.c
==============================================================================
--- head/sys/kern/uipc_domain.c	Thu Dec 25 10:18:35 2008	(r186492)
+++ head/sys/kern/uipc_domain.c	Thu Dec 25 11:32:38 2008	(r186493)
@@ -110,6 +110,28 @@ protosw_init(struct protosw *pr)
 	    pr->pr_domain->dom_name,
 	    (int)(pr - pr->pr_domain->dom_protosw)));
 
+	/*
+	 * Protocol switch methods fall into three categories: mandatory,
+	 * mandatory but protosw_init() provides a default, and optional.
+	 *
+	 * For true protocols (i.e., pru_attach != NULL), KASSERT truly
+	 * mandatory methods with no defaults, and initialize defaults for
+	 * other mandatory methods if the protocol hasn't defined an
+	 * implementation (NULL function pointer).
+	 */
+#if 0
+	if (pu->pru_attach != NULL) {
+		KASSERT(pu->pru_abort != NULL,
+		    ("protosw_init: %ssw[%d] pru_abort NULL",
+		    pr->pr_domain->dom_name,
+		    (int)(pr - pr->pr_domain->dom_protosw)));
+		KASSERT(pu->pru_send != NULL,
+		    ("protosw_init: %ssw[%d] pru_send NULL",
+		    pr->pr_domain->dom_name,
+		    (int)(pr - pr->pr_domain->dom_protosw)));
+	}
+#endif
+
 #define DEFAULT(foo, bar)	if ((foo) == NULL)  (foo) = (bar)
 	DEFAULT(pu->pru_accept, pru_accept_notsupp);
 	DEFAULT(pu->pru_bind, pru_bind_notsupp);

More information about the svn-src-head mailing list