Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 3 Nov 2020 13:00:02 +0300
From:      xtouqh@hotmail.com
To:        Hans Petter Selasky <hps@selasky.org>, hackers@freebsd.org
Subject:   Re: KASSERT(val != 0) not triggering in linux_errno.c reading outside of array
Message-ID:  <AM0PR06MB398671E9C991E0A1B4223660C0110@AM0PR06MB3986.eurprd06.prod.outlook.com>
In-Reply-To: <77d2eef0-9cc8-aa39-6d28-a7fb41e233ac@selasky.org>
References:  <AM0PR06MB39867F0AE62A737D2EE596F5C0110@AM0PR06MB3986.eurprd06.prod.outlook.com> <77d2eef0-9cc8-aa39-6d28-a7fb41e233ac@selasky.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hans Petter Selasky wrote:
> On 2020-11-03 10:46, xtouqh@hotmail.com wrote:
>> I'm looking at the current sys/compat/linux/linux_errno.c source, 
>> specifically this function: 
>> https://svnweb.freebsd.org/base/head/sys/compat/linux/linux_errno.c?revision=367132&view=markup#l24, 
>> and noticed that sizeof() usage there seems to be bogus as I mentioned 
>> in https://reviews.freebsd.org/D26974#inline-168811.
>>
>> What I'm wondering about is why KASSERT() is not triggering there -- I 
>> have added the following printf() right below KASSERT() showing that 
>> we indeed read outside of the array, and some of the linux_errtbl[i] 
>> values are 0:
>>
>> printf("%s:linux_errtbl[%d]=%d\n", __func__, i, linux_errtbl[i]);
>>
>> But, if I add the following check before printf(), it seems to be 
>> never true:
>>
>> if (linux_errtbl[i] == 0)
>>      printf("%s:linux_errtbl[%d]=%d\n", __func__, i, linux_errtbl[i]);
>>
>> So how come printed values are 0, but KASSERT(value != 0) and if 
>> (value == 0) are never true?  I tried to reproduce this in simple 
>> userland test case, but the check seems to be working correctly there 
>> (though still reading outside of array if using sizeof() for final 
>> index).  What am I missing here?
> 
> Did you enable INVARIANTS when compiling the kernel?

Yes, using amd64 GENERIC on -CURRENT, and that function itself is 
ifdef'ed INVARIANTS, so if it's executed, INVARIANTS are there when 
building the module and KASSERT() is not no-op.  Though even without 
KASSERT(), simple if() is still not doing what I expect, so there must 
be something I'm missing.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AM0PR06MB398671E9C991E0A1B4223660C0110>