Hi FreeBSD developers,
After the recent findings that a network module may end up doing things
like mtod(m, struct ip *) over an empty mbuf in a chain, the idea has
come up to add an m_len assertion to the existing mtod() and mtodo() macros.
Thus, mtod() would panic if m->m_len < sizeof(struct ip) in the example.
The current implementation proposal is here:
https://reviews.freebsd.org/D46684
The high level technical plan for this long path is as follows:
1. Fix compilation cases
2. Fix runtime cases, e.g. mtod() can be used before m_len is prepared
3. Land the assertion
The very first inconvenience found is that it will make mtod()
unavailable for the following two use cases:
- void pointer:
    mtod(m, void *)
- work with the m_data pointer itself:
    mtod(m, vm_offset_t)
    mtod(m, uintptr_t) & 3
Currently, 116 void* cases and 60 m_data pointer cases are found [1].
And they are targeted to be re-worked. The plan is to consider each
case individually, because some could be more than a literal macro
expansion, e.g. mtod() & 3 examples could be changed to something like
m_alignment(m) & 3 or m_is_aligned(m, 3).
It would be appreciated to receive comments, opinions, and suggestions
before starting work on the respective changes.
[1] The cases found: https://github.com/ihoro/freebsd-src/pull/31/files
Best regards,
igoro
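
The check discussed in the message above, as an added userland sketch. It is not the code from D46684 or from the FreeBSD tree. It assumes the length check is written as sizeof(*(t)0), returns NULL where the kernel assertion would panic, and uses hypothetical *_model names and mask semantics for the alignment helper.

```c
/* Userland model, not FreeBSD kernel code. Names ending in _model are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct mbuf_model {
    struct mbuf_model *m_next; /* next mbuf in the chain */
    char *m_data;              /* start of valid data */
    int m_len;                 /* valid bytes in this mbuf */
};
struct ip_model { uint8_t bytes[20]; }; /* stand-in for a 20-byte IPv4 header */

/* Checked form: yields NULL where a kernel assertion would panic.
 * sizeof(*(t)0) needs t to point to a complete object type, so in ISO C
 * void * and integer targets such as uintptr_t cannot be passed to it. */
#define mtod_checked(m, t) \
    ((m)->m_len >= (int)sizeof(*(t)0) ? (t)((m)->m_data) : (t)0)

/* Alignment test on m_data itself, no dereference implied (mask semantics assumed). */
int m_is_aligned_model(const struct mbuf_model *m, uintptr_t mask)
{
    return ((uintptr_t)m->m_data & mask) == 0;
}

static _Alignas(4) char pkt[64]; /* constructed sample buffer */

/* Chain of two mbufs: head holds first_len bytes, tail holds the rest.
 * Returns 1 if struct ip_model is fully contained in the head mbuf. */
int head_has_ip_header(int first_len)
{
    struct mbuf_model tail = { NULL, pkt + first_len, (int)sizeof(pkt) - first_len };
    struct mbuf_model head = { &tail, pkt, first_len };
    return mtod_checked(&head, struct ip_model *) != NULL;
}

/* Returns 1 if m_data at pkt + offset is 4-byte aligned. */
int data_is_aligned(int offset)
{
    struct mbuf_model m = { NULL, pkt + offset, 0 };
    return m_is_aligned_model(&m, 3);
}

int main(void)
{
    printf("empty head: %d, full head: %d, aligned at +1: %d\n",
        head_has_ip_header(0), head_has_ip_header(20), data_is_aligned(1));
    return 0;
}
```

An empty or short head mbuf fails the check even though the chain as a whole carries the header, which is the runtime case the assertion is meant to surface.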