From: Don Bowman
To: "'freesd-ipfw@freebsd.org'", "'freebsd-net@freebsd.org'"
Date: Thu, 24 Jul 2003 11:21:46 -0400
Subject: splx() bug in ip_dummynet?
List-Id: Networking and TCP/IP with FreeBSD

1.24.2.2 of ip_dummynet.c [RELENG_4] has a bug I'm thinking, can
someone comment?

In the below snippet, the value of 's' from splimp() is overwritten
by the return value of alloc_hash(), which is an errno. If it's != 0,
then there's a missing splx(). If it is == 0, then splx() is called
with the wrong value.

[I've filed a PR against this, and will probably change the
alloc_hash to use a different return value in my tree]

    s = splimp();
    x->bandwidth = p->bandwidth ;
    x->numbytes = 0; /* just in case... */
    bcopy(p->if_name, x->if_name, sizeof(p->if_name) );
    x->ifp = NULL ; /* reset interface ptr */
    x->delay = p->delay ;
    set_fs_parms(&(x->fs), pfs);

    if ( x->fs.rq == NULL ) { /* a new pipe */
        s = alloc_hash(&(x->fs), pfs) ;
        if (s) {
            free(x, M_DUMMYNET);
            return s ;
        }
        x->next = b ;
        if (a == NULL)
            all_pipes = x ;
        else
            a->next = x ;
    }
    splx(s);
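
The failure mode described in the message above, as an added example that is not part of the original post or the FreeBSD source. It is a userland model: splimp()/splx() are stubs over a single integer level (an assumption; the real spl state is more involved), SPL_NET, SPL_IMP and the config_pipe_* names are constructed, and the corrected variant is one possible fix, not the committed one.

```c
#include <errno.h>
#include <stdio.h>

/* Userland model of the spl calls: one integer priority level (assumption). */
enum { SPL_NET = 2, SPL_IMP = 5 };   /* constructed values */
static int cur_level;

static int splimp(void) { int old = cur_level; cur_level = SPL_IMP; return old; }
static void splx(int s) { cur_level = s; }

/* Stand-in for alloc_hash(): returns 0 or an errno, as in the message. */
static int alloc_hash(int fail) { return fail ? ENOSPC : 0; }

/* Pattern from the message: 's' is reused for the alloc_hash() result. */
static int config_pipe_buggy(int fail)
{
    int s = splimp();
    s = alloc_hash(fail);          /* saved level is lost here */
    if (s)
        return s;                  /* error path: no splx() at all */
    splx(s);                       /* success path: splx(0), not the saved level */
    return 0;
}

/* One possible correction: keep the errno in its own variable. */
static int config_pipe_fixed(int fail)
{
    int s = splimp();
    int error = alloc_hash(fail);
    splx(s);                       /* restore the saved level on both paths */
    return error;
}

/* Run one variant starting from SPL_NET and report the level it leaves behind. */
static int level_after(int (*fn)(int), int fail)
{
    cur_level = SPL_NET;
    (void)fn(fail);
    return cur_level;
}

int main(void)
{
    printf("buggy: ok=%d fail=%d\n", level_after(config_pipe_buggy, 0), level_after(config_pipe_buggy, 1));
    printf("fixed: ok=%d fail=%d\n", level_after(config_pipe_fixed, 0), level_after(config_pipe_fixed, 1));
    return 0;
}
```

Starting from a non-zero level makes both halves of the report visible: the buggy success path drops the caller to level 0, and the buggy error path leaves it stuck at the raised level.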