https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220404

--- Comment #1 from Mark Millard <mar...@dsl-only.net> ---
(In reply to Mark Millard from comment #0)

Some other supporting code details follow.

static struct socket *
soalloc(struct vnet *vnet)
{
        struct socket *so;

        so = uma_zalloc(socket_zone, M_NOWAIT | M_ZERO);
. . .
        so->so_rcv.sb_sel = &so->so_rdsel;
        so->so_snd.sb_sel = &so->so_wrsel;
. . .

That so->so_rcv.sb_sel assignment makes so->sol_upcall
non-NULL and so appear to be defined for use.

And that makes the following code problematical:

void
solisten_wakeup(struct socket *sol)
{

        if (sol->sol_upcall != NULL)
                (void )sol->sol_upcall(sol, sol->sol_upcallarg, M_NOWAIT);
        else {
. . .

And this code is what is failing on production 32-bit
powerpc kernels.

There could be more anonymous struct field problems in
the union that is in struct socket. I've not checked.

I'll note that the only references to sol_upcall are:

# grep -r "\<sol_upcall" /usr/src/sys/* | more
/usr/src/sys/kern/uipc_socket.c:        if (sol->sol_upcall != NULL)
/usr/src/sys/kern/uipc_socket.c:                (void )sol->sol_upcall(sol, sol->sol_upcallarg, M_NOWAIT);
/usr/src/sys/kern/uipc_socket.c:        so->sol_upcall = func;
/usr/src/sys/kern/uipc_socket.c:        so->sol_upcallarg = arg;
/usr/src/sys/sys/socketvar.h:                   so_upcall_t     *sol_upcall;    /* (e) */
/usr/src/sys/sys/socketvar.h:                   void            *sol_upcallarg; /* (e) */

None of those assign NULL.

If NULL was assigned then ->so_rcv.sb_sel would
also become NULL in value.

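The mechanism the comment above describes, shown as an added, constructed illustration that is not code from the bug report or from the FreeBSD tree: a simplified model of struct socket in which the regular-socket view (so_rcv, so_snd) and the listening-socket view (sol_upcall, sol_upcallarg) are anonymous structs inside one union. The layout here is chosen so that so_rcv.sb_sel and sol_upcall land on the same bytes on any ABI; the real kernel's offsets depend on the platform and version (the report only observes the failure on 32-bit powerpc), and field names are borrowed purely for readability. The point demonstrated is that a "non-NULL means valid" test on a union member is unsafe when another view of the union is what was initialised, and that consulting the socket's state first avoids calling through an aliased pointer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy layout (assumption): NOT FreeBSD's real struct socket.
 * Sizes and offsets are chosen so the two anonymous structs overlay each
 * other exactly the way the bug report says they do on 32-bit powerpc. */

struct socket;                          /* forward declaration for the typedef */

struct selinfo { int si_dummy; };

struct sockbuf {
        struct selinfo  *sb_sel;        /* assigned unconditionally in soalloc() */
        unsigned int     sb_cc;
        unsigned int     sb_hiwat;
};

typedef int so_upcall_t(struct socket *, void *, int);

#define SO_LISTENING    0x0001          /* hypothetical flag set by listen() */

struct socket {
        int             so_options;
        struct selinfo  so_rdsel, so_wrsel;
        union {
                /* Regular (data flow) socket. */
                struct {
                        struct sockbuf  so_rcv;
                        struct sockbuf  so_snd;
                };
                /* Listening socket: overlays the same bytes as so_rcv. */
                struct {
                        so_upcall_t     *sol_upcall;
                        void            *sol_upcallarg;
                };
        };
};

/* Mirrors the soalloc() excerpt: every socket gets its sb_sel pointers,
 * whether or not it will ever become a listening socket. */
static void
toy_soalloc(struct socket *so)
{
        memset(so, 0, sizeof(*so));
        so->so_rcv.sb_sel = &so->so_rdsel;
        so->so_snd.sb_sel = &so->so_wrsel;
}

/* The test solisten_wakeup() makes: returns 1 if it would call through
 * sol_upcall based only on the pointer being non-NULL. */
int
would_call_upcall_unchecked(const struct socket *so)
{
        return (so->sol_upcall != NULL);
}

/* Defensive form: only read listening-view fields once the socket's state
 * says that view is the live one. */
int
would_call_upcall_checked(const struct socket *so)
{
        if ((so->so_options & SO_LISTENING) == 0)
                return (0);     /* regular socket: sol_upcall aliases sb_sel */
        return (so->sol_upcall != NULL);
}

/* Returns 1 if, on a freshly allocated non-listening socket, the sb_sel
 * assignment alone made sol_upcall read as non-NULL. */
int
sb_sel_aliases_sol_upcall(void)
{
        struct socket so;

        toy_soalloc(&so);
        return (so.sol_upcall != NULL);
}

int
main(void)
{
        struct socket so;

        toy_soalloc(&so);
        printf("offset so_rcv.sb_sel=%zu sol_upcall=%zu\n",
            offsetof(struct socket, so_rcv.sb_sel),
            offsetof(struct socket, sol_upcall));
        printf("unchecked would call upcall: %d\n",
            would_call_upcall_unchecked(&so));
        printf("checked would call upcall:   %d\n",
            would_call_upcall_checked(&so));
        return (0);
}
```

Compile with `cc -std=c11 -Wall toy_socket.c` (anonymous structs inside a union need C11). The unchecked form reports that it would call the upcall on a socket that was never put into listening state, which is exactly the failure mode the report describes; the checked form refuses, because no assignment of NULL to sol_upcall is possible without also clearing so_rcv.sb_sel, so the socket's state, not the pointer value, has to be the thing that decides.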