Date: Mon, 14 Oct 2024 14:00:45 +0300 From: Igor Ostapenko <igoro@FreeBSD.org> To: freebsd-net@FreeBSD.org Subject: RFC: mbuf: Add m_len assertion to mtod() and mtodo() Message-ID: <05e3056e-4563-4d42-9e5a-6db0ea6bf90f@FreeBSD.org>
next in thread | raw e-mail | index | archive | help
Hi FreeBSD developers, After the recent findings that a network module may end up doing things like mtod(m, struct ip *) over an empty mbuf in a chain, an idea has come to add m_len assertion to the existing mtod() and mtodo() macros. Thus, mtod() would panic if m->m_len < sizeof(struct ip) in the example. The current implementation proposal is here: https://reviews.freebsd.org/D46684 The high level technical plan for this long path is as follows: 1. Fix compilation cases 2. Fix runtime cases, e.g. mtod() can be used before m_len is prepared 3. Land the assertion The very first inconvenience found is that it will make mtod() unavailable for the following two use cases: - void pointer mtod(m, void *) - work with m_data pointer itself: mtod(m, vm_offset_t) mtod(m, uintptr_t) & 3 Currently, 116 void* cases and 60 m_data pointer cases are found [1]. And they are targeted to be re-worked. It's planned to consider each case because of something could be not just a literal macro expansion, e.g. mtod() & 3 examples could be changed to something like m_alignment(m) & 3 or m_is_aligned(m, 3). It would be appreciated to receive comments, opinions, and suggestions before starting work on the respective changes. [1] The cases found: https://github.com/ihoro/freebsd-src/pull/31/files Best regards, igoro
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?05e3056e-4563-4d42-9e5a-6db0ea6bf90f>