Date: Tue, 23 Sep 2003 16:13:33 -0700 (PDT) From: Sam Leffler <sam@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 38498 for review Message-ID: <200309232313.h8NNDXoV070888@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=38498
Change 38498 by sam@sam_ebb on 2003/09/23 16:12:59
replace numerous bogus panic's with equally bogus assertions that at least go away on a production system
Affected files ...
.. //depot/projects/netperf/sys/netipsec/key.c#5 edit
Differences ...
==== //depot/projects/netperf/sys/netipsec/key.c#5 (text+ko) ====
@@ -855,9 +855,9 @@
 /* Which SA is the better ? */
- /* sanity check 2 */
- if (candidate->lft_c == NULL || sav->lft_c == NULL)
- panic("%s: lifetime_current is NULL\n", __func__);
+ IPSEC_ASSERT(candidate->lft_c != NULL,
+ ("null candidate lifetime"));
+ IPSEC_ASSERT(sav->lft_c != NULL, ("null sav lifetime"));
 /* What the best method is to compare ? */
 if (key_prefered_oldsa) {
@@ -1059,7 +1059,6 @@
 void
 key_freeso(struct socket *so)
 {
- /* sanity check */
 IPSEC_ASSERT(so != NULL, ("null so"));
 switch (so->so_proto->pr_domain->dom_family) {
@@ -1276,11 +1275,9 @@
 {
 struct secpolicy *newsp;
- /* sanity check */
- if (xpl0 == NULL)
- panic("%s: NULL pointer was passed.\n", __func__);
- if (len < sizeof(*xpl0))
- panic("%s: invalid length.\n", __func__);
+ IPSEC_ASSERT(xpl0 != NULL, ("null xpl0"));
+ IPSEC_ASSERT(len >= sizeof(*xpl0), ("policy too short: %u", len));
+
 if (len != PFKEY_EXTLEN(xpl0)) {
 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", __func__));
 *error = EINVAL;
@@ -1514,9 +1511,7 @@
 caddr_t p;
 struct mbuf *m;
- /* sanity check. */
- if (sp == NULL)
- panic("%s: NULL pointer was passed.\n", __func__);
+ IPSEC_ASSERT(sp != NULL, ("null policy"));
 tlen = key_getspreqmsglen(sp);
@@ -1589,8 +1584,8 @@
 struct mbuf *result = NULL, *n;
 int len;
- if (m == NULL || mhp == NULL)
- panic("%s: null pointer passed", __func__);
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
 va_start(ap, nitem);
 for (i = 0; i < nitem; i++) {
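Review bot: In the `@@ -1276` hunk the lower bound on `len` becomes assertion-only, so on a kernel built without these assertions nothing stops a buffer shorter than `sizeof(*xpl0)` from reaching `PFKEY_EXTLEN(xpl0)` on the next line, which reads the policy header's length field. If `len` can describe a caller-supplied policy buffer (the callers are not visible here), this is input validation rather than an invariant and should stay a runtime check that fails like the branch below it, e.g. `if (len < sizeof(*xpl0) || len != PFKEY_EXTLEN(xpl0)) {`. The same concern applies to the `m->m_len >= sizeof(struct sadb_msg)` assertions in the `@@ -6817` and `@@ -6841` hunks, which are the only guard before the mbuf data is treated as a `struct sadb_msg`. The enclosing function starts and ends outside the hunk.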
@@ -1606,10 +1601,9 @@
 if (idx == SADB_EXT_RESERVED) {
 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
-#ifdef DIAGNOSTIC
- if (len > MHLEN)
- panic("assumption failed");
-#endif
+
+ IPSEC_ASSERT(len <= MHLEN, ("header too big %u", len));
+
 MGETHDR(n, M_DONTWAIT, MT_DATA);
 if (!n)
 goto fail;
@@ -1683,9 +1677,10 @@
 struct secpolicy *newsp;
 int error;
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
@@ -1943,9 +1938,10 @@
 struct secpolicyindex spidx;
 struct secpolicy *sp;
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("key_spddelete: NULL pointer is passed.\n");
+ IPSEC_ASSERT(so != NULL, ("null so"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
@@ -2039,9 +2035,10 @@
 u_int32_t id;
 struct secpolicy *sp;
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
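Review bot: In the `@@ -1606` hunk `len` is assigned `PFKEY_ALIGN8(sizeof(struct sadb_msg))` on the line just above the new assertion, so `len <= MHLEN` looks like a comparison of two build-time constants. A compile-time check would catch a violation on every kernel configuration instead of only those with assertions enabled, e.g. `CTASSERT(PFKEY_ALIGN8(sizeof(struct sadb_msg)) <= MHLEN);` at file scope, assuming both sides are constant expressions in this tree. If the runtime form stays, `len` appears to be the `int len;` declared in the preceding hunk, so the message would want `%d` rather than `%u`. The enclosing function continues outside the hunk.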
@@ -2135,9 +2132,10 @@
 struct secpolicy *sp;
 struct mbuf *n;
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
@@ -2185,13 +2183,10 @@
 struct secspacq *newspacq;
 int error;
- /* sanity check */
- if (sp == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
- if (sp->req != NULL)
- panic("%s: called but there is request.\n", __func__);
- if (sp->policy != IPSEC_POLICY_IPSEC)
- panic("%s: policy mismathed. IPsec is expected.\n", __func__);
+ IPSEC_ASSERT(sp != NULL, ("null secpolicy"));
+ IPSEC_ASSERT(sp->req == NULL, ("policy exists"));
+ IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC,
+ ("policy not IPSEC %u", sp->policy));
 /* Get an entry to check whether sent message or not. */
 newspacq = key_getspacq(&sp->spidx);
@@ -2257,9 +2252,10 @@
 struct secpolicy *sp;
 u_int dir;
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg)))
 return key_senderror(so, m, EINVAL);
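Review bot: In the `@@ -2185` hunk the message on `IPSEC_ASSERT(sp->req == NULL, ("policy exists"));` does not describe the condition that failed. The check is that no request is attached to the policy (the removed panic said "called but there is request"), so a string such as `("policy already has a request")` would let whoever reads the panic output identify the broken invariant without opening the source. The messages elsewhere in this change are also slightly uneven ("null so" in the `@@ -1943` hunk against "null socket" in its siblings), which makes grepping a crash log for one call site harder than it needs to be.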
@@ -2308,9 +2304,10 @@
 u_int dir;
 struct mbuf *n;
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 /* search SPD entry and get buffer size. */
 cnt = 0;
@@ -2445,9 +2442,7 @@
 /* XXX: Why do we lock ? */
- /* sanity check */
- if (sp == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(sp != NULL, ("null secpolicy"));
 /* set msg header */
 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0);
@@ -2581,7 +2576,6 @@
 u_int stateidx, state;
 int zombie = 0;
- /* sanity check */
 IPSEC_ASSERT(sah != NULL, ("NULL sah"));
 mtx_assert(&sahtree_lock, MA_OWNED);
@@ -2647,9 +2641,10 @@
 struct secasvar *newsav;
 const struct sadb_sa *xsa;
- /* sanity check */
- if (m == NULL || mhp == NULL || mhp->msg == NULL || sah == NULL)
- panic("key_newsa: NULL pointer is passed.\n");
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
+ IPSEC_ASSERT(sah != NULL, ("null secashead"));
 newsav = malloc(sizeof(struct secasvar), M_IPSEC_SA, M_NOWAIT|M_ZERO);
 if (newsav == NULL) {
@@ -2916,9 +2911,9 @@
 {
 int error = 0;
- /* sanity check */
- if (m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 /* initialization */
 sav->replay = NULL;
@@ -3585,9 +3580,7 @@
 struct in_ifaddr *ia;
 #endif
- /* sanity check */
- if (sa == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(sa != NULL, ("null sockaddr"));
 switch (sa->sa_family) {
 #ifdef INET
@@ -4313,9 +4306,10 @@
 u_int32_t reqid;
 int error;
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
@@ -4589,9 +4583,10 @@
 u_int32_t reqid;
 int error;
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 /* map satype to proto */
 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
@@ -4783,9 +4778,10 @@
 u_int32_t reqid;
 int error;
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 /* map satype to proto */
 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
@@ -4895,9 +4891,10 @@
 const struct sadb_ident *idsrc, *iddst;
 int idsrclen, iddstlen;
- /* sanity check */
- if (sah == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(sah != NULL, ("null secashead"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 /* don't make buffer if not there */
 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL &&
@@ -4965,9 +4962,9 @@
 {
 struct mbuf *n;
- /* sanity check */
- if (m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 /* create new sadb_msg to reply. */
 n = key_gather_mbuf(m, mhp, 1, 9, SADB_EXT_RESERVED,
@@ -5017,9 +5014,10 @@
 struct secasvar *sav = NULL;
 u_int16_t proto;
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 /* map satype to proto */
 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
@@ -5212,9 +5210,10 @@
 struct secasvar *sav = NULL;
 u_int16_t proto;
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 /* map satype to proto */
 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
@@ -5577,7 +5576,6 @@
 int error = -1;
 u_int32_t seq;
- /* sanity check */
 IPSEC_ASSERT(saidx != NULL, ("null saidx"));
 satype = key_proto2satype(saidx->proto);
 IPSEC_ASSERT(satype != 0, ("null satype, protocol %u", saidx->proto));
@@ -5861,9 +5859,10 @@
 u_int16_t proto;
 int error;
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 /*
 * Error message from KMd.
@@ -5977,9 +5976,10 @@
 {
 struct secreg *reg, *newreg = 0;
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 /* check for invalid register message */
 if (mhp->msg->sadb_msg_satype >= sizeof(regtree)/sizeof(regtree[0]))
@@ -6131,7 +6131,6 @@
 struct secreg *reg;
 int i;
- /* sanity check */
 IPSEC_ASSERT(so != NULL, ("NULL so"));
 /*
@@ -6175,15 +6174,12 @@
 /* XXX: Why do we lock ? */
 s = splnet(); /*called from softclock()*/
- /* sanity check */
- if (sav == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
- if (sav->sah == NULL)
- panic("%s: Why was SA index in SA NULL.\n", __func__);
- if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0)
- panic("%s: invalid proto is passed.\n", __func__);
+ IPSEC_ASSERT (sav != NULL, ("null sav"));
+ IPSEC_ASSERT (sav->sah != NULL, ("null sa header"));
 /* set msg header */
+ satype = key_proto2satype(sav->sah->saidx.proto);
+ IPSEC_ASSERT(satype != 0, ("invalid proto, satype %u", satype));
 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt);
 if (!m) {
 error = ENOBUFS;
@@ -6305,9 +6301,9 @@
 u_int8_t state;
 u_int stateidx;
- /* sanity check */
- if (so == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 /* map satype to proto */
 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
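Review bot: In the `@@ -6175` hunk the new `IPSEC_ASSERT(satype != 0, ("invalid proto, satype %u", satype));` can only ever print 0, because it fires exactly when `satype` is 0. Print the input instead, as the assertion in the `@@ -5577` hunk does: `IPSEC_ASSERT(satype != 0, ("invalid proto %u", sav->sah->saidx.proto));`. The `/* set msg header */` comment now sits above the `satype` computation rather than the `key_setsadbmsg()` call it describes, and the two `IPSEC_ASSERT (` lines carry a space before the parenthesis that no other call in this change has. With assertions compiled out, a zero `satype` is now handed on to `key_setsadbmsg()` where the old code stopped, so it is worth confirming that a zero type in an emitted SADB_EXPIRE message is acceptable.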
@@ -6391,9 +6387,10 @@
 struct sadb_msg *newmsg;
 struct mbuf *n;
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 /* map satype to proto */
 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
@@ -6474,9 +6471,10 @@
 {
 int olen;
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
@@ -6565,9 +6563,8 @@
 int error;
 int target;
- /* sanity check */
- if (m == NULL || so == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
 #if 0 /*kdebug_sadb assumes msg in linear buffer*/
 KEYDEBUG(KEYDEBUG_KEY_DUMP,
@@ -6817,8 +6814,8 @@
 {
 struct sadb_msg *msg;
- if (m->m_len < sizeof(struct sadb_msg))
- panic("%s: invalid mbuf passed", __func__);
+ IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg),
+ ("mbuf too small, len %u", m->m_len));
 msg = mtod(m, struct sadb_msg *);
 msg->sadb_msg_errno = code;
@@ -6841,11 +6838,10 @@
 int extlen;
 int toff;
- /* sanity check */
- if (m == NULL || mhp == NULL)
- panic("%s: NULL pointer is passed", __func__);
- if (m->m_len < sizeof(struct sadb_msg))
- panic("%s: invalid mbuf passed", __func__);
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg),
+ ("mbuf too small, len %u", m->m_len));
 /* initialize */
 bzero(mhp, sizeof(*mhp));
@@ -7045,9 +7041,7 @@
 caddr_t src;
 caddr_t dst;
 {
- /* sanity check */
- if (sav->sah == NULL)
- panic("%s: sav->sah == NULL", __func__);
+ IPSEC_ASSERT(sav->sah != NULL, ("null SA header"));
 /* XXX: check inner IP header */
@@ -7138,8 +7132,7 @@
 struct secasvar *sav;
 {
- if (!sav->iv)
- panic("%s: sav == NULL", __func__);
+ IPSEC_ASSERT(sav->iv != NULL, ("null IV"));
 key_randomfill(sav->iv, sav->ivlen);
 }