Date:      Sat, 01 Jul 2017 02:08:39 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 220404] head -r319722 or -r320224 related changes break powerpc production-style kernel operation: bad function pointer
Message-ID:  <bug-220404-8-4sUYUW59gF@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-220404-8@https.bugs.freebsd.org/bugzilla/>
References:  <bug-220404-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220404

--- Comment #1 from Mark Millard <markmi@dsl-only.net> ---
(In reply to Mark Millard from comment #0)

Some other supporting code details follow.

static struct socket *
soalloc(struct vnet *vnet)
{
        struct socket *so;

        so = uma_zalloc(socket_zone, M_NOWAIT | M_ZERO);
. . .
        so->so_rcv.sb_sel = &so->so_rdsel;
        so->so_snd.sb_sel = &so->so_wrsel;
. . .

That so->so_rcv.sb_sel assignment makes so->sol_upcall
non-NULL, and so it appears to be defined for use.

And that makes the following code problematical:

void
solisten_wakeup(struct socket *sol)
{

        if (sol->sol_upcall != NULL)
                (void )sol->sol_upcall(sol, sol->sol_upcallarg, M_NOWAIT);
        else {
. . .

And this code is what is failing on production 32-bit
powerpc kernels.

There could be more anonymous struct field problems in
the union that is in struct socket. I've not checked.

I'll note that the only references to sol_upcall are:

# grep -r "\<sol_upcall" /usr/src/sys/* | more
/usr/src/sys/kern/uipc_socket.c:        if (sol->sol_upcall != NULL)
/usr/src/sys/kern/uipc_socket.c:                (void )sol->sol_upcall(sol, sol->sol_upcallarg, M_NOWAIT);
/usr/src/sys/kern/uipc_socket.c:        so->sol_upcall = func;
/usr/src/sys/kern/uipc_socket.c:        so->sol_upcallarg = arg;
/usr/src/sys/sys/socketvar.h:                   so_upcall_t     *sol_upcall;    /* (e) */
/usr/src/sys/sys/socketvar.h:                   void            *sol_upcallarg; /* (e) */

None of those assign NULL.

If NULL was assigned then ->so_rcv.sb_sel would
also become NULL in value.

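As an added illustration (not part of the bug report or of the FreeBSD source), this constructed C model shows why the NULL test quoted above cannot distinguish a listening socket from a freshly allocated connected one when the sol_* members and so_rcv/so_snd share a union, and what a state-gated check looks like instead. The struct layout, the struct selinfo stand-in and the SOCK_LISTENING flag are assumptions; the member names come from the report.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

struct sock;
typedef int so_upcall_t(struct sock *, void *, int);
struct selinfo { int si_pad; };              /* stand-in for the real struct selinfo */
struct sockbuf { struct selinfo *sb_sel; };  /* only the member the report mentions */

/* Constructed model of the union inside struct socket (member names from the
 * report; layout and the state flag are assumptions). The listening view
 * (sol_*) and the connected view (so_rcv/so_snd) occupy the same bytes. */
struct sock {
    unsigned so_flags;                       /* assumed: SOCK_LISTENING set while listening */
    struct selinfo so_rdsel, so_wrsel;
    union {
        struct { so_upcall_t *sol_upcall; void *sol_upcallarg; };
        struct { struct sockbuf so_rcv, so_snd; };
    };
};
#define SOCK_LISTENING 0x1u

/* Mirrors the soalloc() lines quoted above: every socket gets sb_sel pointers,
 * which leaves a non-NULL data pointer in the bytes that alias sol_upcall. */
static void model_soalloc(struct sock *so)
{
    memset(so, 0, sizeof(*so));
    so->so_rcv.sb_sel = &so->so_rdsel;
    so->so_snd.sb_sel = &so->so_wrsel;
}

/* The report's NULL test, minus the call: on a connected socket the "function
 * pointer" is really &so->so_rdsel, hence the bad function pointer crash. */
static bool wakeup_would_call(const struct sock *so) { return so->sol_upcall != NULL; }

/* Hardened form: consult the listening view only when the socket state says
 * it is listening; a NULL test alone cannot tell the two union members apart. */
static bool wakeup_would_call_guarded(const struct sock *so)
{
    return (so->so_flags & SOCK_LISTENING) && so->sol_upcall != NULL;
}

/* Each demo builds a fresh, non-listening socket as the allocator leaves it. */
bool demo_upcall_aliases_selinfo(void)
{
    struct sock so; model_soalloc(&so);
    return (uintptr_t)so.sol_upcall == (uintptr_t)&so.so_rdsel;   /* true */
}
bool demo_unguarded_would_call(void) { struct sock so; model_soalloc(&so); return wakeup_would_call(&so); }          /* true */
bool demo_guarded_would_call(void)   { struct sock so; model_soalloc(&so); return wakeup_would_call_guarded(&so); }  /* false */
```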