From owner-svn-src-head@FreeBSD.ORG Thu Dec 25 11:32:38 2008 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CE6BB1065670; Thu, 25 Dec 2008 11:32:38 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id A5D8A8FC12; Thu, 25 Dec 2008 11:32:38 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id mBPBWcr5012521; Thu, 25 Dec 2008 11:32:38 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id mBPBWc4D012520; Thu, 25 Dec 2008 11:32:38 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <200812251132.mBPBWc4D012520@svn.freebsd.org> From: Robert Watson Date: Thu, 25 Dec 2008 11:32:38 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r186493 - head/sys/kern X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Dec 2008 11:32:38 -0000 Author: rwatson Date: Thu Dec 25 11:32:38 2008 New Revision: 186493 URL: http://svn.freebsd.org/changeset/base/186493 Log: Following the recent security advisory, add a comment describing our invariants and approach for protocol switch methods in protsw_init(), and also some KASSERT's for non-domain init entries in protocol switch tables: pru_abort and pru_send must both be implemented. For now, leave those assertions #if 0'd, since there are a few protocols that violate them in non-harmful ways. Whether or not we should enforce pru_abort being implemented for non-stream protocols is an interesting question: currently abort is only invoked on stream sockets in situations where un-accepted sockets must be abruptly closed (i.e., close() on a listen socket with pending connections), but in principle it is useful for datagram sockets and most datagram socket types implement it. MFC after: 3 weeks Modified: head/sys/kern/uipc_domain.c Modified: head/sys/kern/uipc_domain.c ============================================================================== --- head/sys/kern/uipc_domain.c Thu Dec 25 10:18:35 2008 (r186492) +++ head/sys/kern/uipc_domain.c Thu Dec 25 11:32:38 2008 (r186493) @@ -110,6 +110,28 @@ protosw_init(struct protosw *pr) pr->pr_domain->dom_name, (int)(pr - pr->pr_domain->dom_protosw))); + /* + * Protocol switch methods fall into three categories: mandatory, + * mandatory but protosw_init() provides a default, and optional. + * + * For true protocols (i.e., pru_attach != NULL), KASSERT truly + * mandatory methods with no defaults, and initialize defaults for + * other mandatory methods if the protocol hasn't defined an + * implementation (NULL function pointer). + */ +#if 0 + if (pu->pru_attach != NULL) { + KASSERT(pu->pru_abort != NULL, + ("protosw_init: %ssw[%d] pru_abort NULL", + pr->pr_domain->dom_name, + (int)(pr - pr->pr_domain->dom_protosw))); + KASSERT(pu->pru_send != NULL, + ("protosw_init: %ssw[%d] pru_send NULL", + pr->pr_domain->dom_name, + (int)(pr - pr->pr_domain->dom_protosw))); + } +#endif + #define DEFAULT(foo, bar) if ((foo) == NULL) (foo) = (bar) DEFAULT(pu->pru_accept, pru_accept_notsupp); DEFAULT(pu->pru_bind, pru_bind_notsupp);