svn commit: r199201 - in head: contrib/libpcap sbin/ifconfig share/man/man4 sys/kern sys/net sys/sys

Dag-Erling Smørgrav des at des.no
Thu Nov 12 16:10:58 UTC 2009


Robert Watson <rwatson at FreeBSD.org> writes:
> We care less about ifnet than we used to, because ifnet is now
> allocated by the kernel rather than drivers.  However, if we want to
> take our KPI/KBI more seriously, then CTASSERTs on other "public"
> kernel structures might well be a good idea.  On the other hand,
> CTASSERT errors on build are almost impervious to mortal comprehension
> (if you haven't seen them before, they make little sense to the
> reader), and will make it more difficult for people hacking on our
> kernel to do so casually.  Some sort of other static checker might
> make more sense, and perhaps allow us to do more intelligent checking
> than just "total size" -- we'd also like to detect rearrangement of
> sensitive structs that would be size-preserving.

A while ago, I started working on a Perl script that parsed struct
declarations.  The idea was that we could store a reference copy of the
struct layout somewhere, and the script, using its knowledge of
alignment and padding rules on different architectures, would calculate
the current layout and compare it with the reference layout.

I set it aside when I realized how much work it would be to parse
function pointers, but we could dodge the issue by always typedef'ing
them, e.g. instead of

struct sigaction {
        union {
                void    (*__sa_handler)(int);
                void    (*__sa_sigaction)(int, struct __siginfo *, void *);
        } __sigaction_u;                /* signal handler */
        int     sa_flags;               /* see signal options below */
        sigset_t sa_mask;               /* signal mask to apply */
};

we'd have

typedef void (*__sa_handler_func_ptr)(int);
typedef void (*__sa_sigaction_func_ptr)(int, struct __siginfo *, void *);

struct sigaction {
        union {
                __sa_handler_func_ptr __sa_handler;
                __sa_sigaction_func_ptr __sa_sigaction;
        } __sigaction_u;                /* signal handler */
        int     sa_flags;               /* see signal options below */
        sigset_t sa_mask;               /* signal mask to apply */
};

My script understands typedefs, and it should be easy enough to fudge
the typedef parsing bit so it knows that __sa_handler_func_ptr and
__sa_sigaction_func_ptr are function pointers, which is enough to figure
out size and alignment on all architectures we support.

DES
-- 
Dag-Erling Smørgrav - des at des.no
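
Added example, not part of the original message and not the Perl script it describes: a C sketch of the reference-layout comparison discussed above, showing a size-preserving member swap that a size-only assertion accepts and a per-member offset check catches. The structs demo_v1 and demo_v2, the FIELD macro and layout_diff() are hypothetical names, and C11 _Static_assert stands in for CTASSERT.

```c
#include <stddef.h>
#include <string.h>

/* One member of a recorded layout: name, byte offset, byte size. */
struct field { const char *name; size_t off, size; };
#define FIELD(t, m) { #m, offsetof(t, m), sizeof(((t *)0)->m) }
#define NFIELDS(a) (sizeof(a) / sizeof((a)[0]))

/* Hypothetical struct as it stood when the reference was recorded. */
typedef void (*demo_handler_func_ptr)(int);
struct demo_v1 { demo_handler_func_ptr handler; int flags; int mask; };
/* Same members with flags and mask swapped: total size is unchanged. */
struct demo_v2 { demo_handler_func_ptr handler; int mask; int flags; };

/* A size-only assertion (C11 stand-in for CTASSERT) accepts the swap. */
_Static_assert(sizeof(struct demo_v2) == sizeof(struct demo_v1),
    "size-only check");

/* Reference computed from demo_v1 to stay portable (an assumption). */
static const struct field ref_layout[] = {
    FIELD(struct demo_v1, handler), FIELD(struct demo_v1, flags),
    FIELD(struct demo_v1, mask),
};
static const struct field v2_layout[] = {
    FIELD(struct demo_v2, handler), FIELD(struct demo_v2, mask),
    FIELD(struct demo_v2, flags),
};

/* Count reference members that are missing, moved or resized in cur. */
static int layout_diff(const struct field *ref, size_t nref,
    const struct field *cur, size_t ncur)
{
    int bad = 0;
    for (size_t i = 0; i < nref; i++) {
        const struct field *m = NULL;
        for (size_t j = 0; j < ncur; j++)
            if (strcmp(ref[i].name, cur[j].name) == 0)
                m = &cur[j];
        if (m == NULL || m->off != ref[i].off || m->size != ref[i].size)
            bad++;
    }
    return bad;
}

int main(void)
{
    return layout_diff(ref_layout, NFIELDS(ref_layout),
        v2_layout, NFIELDS(v2_layout)) != 0;
}
```

The program exits non-zero because flags and mask changed offsets even though the size assertion compiled cleanly.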

