- Fixed (Apple) compiler warnings in sctp_input.c, sctputil.c, sctp_output.c

- Fixed a LOR in handling a cookie. Turns out create lock is applied.
  And if we abort processing, this causes LOR. Changed to force the
  timer to clean up, that way create lock is released.

3 files changed, 108 insertions, 104 deletions

diff --git a/sys/netinet/sctp_input.c b/sys/netinet/sctp_input.c
index 0146811..249b9f2 100644
--- a/sys/netinet/sctp_input.c
+++ b/sys/netinet/sctp_input.c
@@ -1005,7 +1005,7 @@ sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset,
 	int init_offset, initack_offset, i;
 	int retval;
 	int spec_flag = 0;
-	int how_indx;
+	uint32_t how_indx;
 
 	/* I know that the TCB is non-NULL from the caller */
 	asoc = &stcb->asoc;
@@ -1548,6 +1548,7 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset,
 		SCTPDBG(SCTP_DEBUG_INPUT1,
 		    "process_cookie_new: no room for another TCB!\n");
 		op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC);
+
 		sctp_abort_association(inp, (struct sctp_tcb *)NULL, m, iphlen,
 		    sh, op_err, vrf_id, table_id);
 		return (NULL);
@@ -1574,9 +1575,11 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset,
 		 * cookie was in flight. Only recourse is to abort the
 		 * association.
 		 */
+		atomic_add_int(&stcb->asoc.refcnt, 1);
 		op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC);
 		sctp_abort_association(inp, (struct sctp_tcb *)NULL, m, iphlen,
 		    sh, op_err, vrf_id, table_id);
+		atomic_add_int(&stcb->asoc.refcnt, -1);
 		return (NULL);
 	}
 	/* process the INIT-ACK info (my info) */
@@ -1598,14 +1601,18 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset,
 	else
 		retval = 0;
 	if (retval < 0) {
+		atomic_add_int(&stcb->asoc.refcnt, 1);
 		sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_16);
+		atomic_add_int(&stcb->asoc.refcnt, -1);
 		return (NULL);
 	}
 	/* load all addresses */
 	if (sctp_load_addresses_from_init(stcb, m, iphlen,
 	    init_offset + sizeof(struct sctp_init_chunk), initack_offset, sh,
 	    init_src)) {
+		atomic_add_int(&stcb->asoc.refcnt, 1);
 		sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_17);
+		atomic_add_int(&stcb->asoc.refcnt, -1);
 		return (NULL);
 	}
 	/*
@@ -1672,7 +1679,9 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset,
 		memcpy(&sin6->sin6_addr, cookie->laddress,
 		    sizeof(sin6->sin6_addr));
 	} else {
+		atomic_add_int(&stcb->asoc.refcnt, 1);
 		sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_19);
+		atomic_add_int(&stcb->asoc.refcnt, -1);
 		return (NULL);
 	}
 
@@ -1769,27 +1778,27 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset,
 	iph = mtod(m, struct ip *);
 	if (iph->ip_v == IPVERSION) {
 		/* its IPv4 */
-		struct sockaddr_in *sin;
-
-		sin = (struct sockaddr_in *)(localep_sa);
-		memset(sin, 0, sizeof(*sin));
-		sin->sin_family = AF_INET;
-		sin->sin_len = sizeof(*sin);
-		sin->sin_port = sh->dest_port;
-		sin->sin_addr.s_addr = iph->ip_dst.s_addr;
+		struct sockaddr_in *lsin;
+
+		lsin = (struct sockaddr_in *)(localep_sa);
+		memset(lsin, 0, sizeof(*lsin));
+		lsin->sin_family = AF_INET;
+		lsin->sin_len = sizeof(*lsin);
+		lsin->sin_port = sh->dest_port;
+		lsin->sin_addr.s_addr = iph->ip_dst.s_addr;
 		size_of_pkt = SCTP_GET_IPV4_LENGTH(iph);
 	} else if (iph->ip_v == (IPV6_VERSION >> 4)) {
 		/* its IPv6 */
 		struct ip6_hdr *ip6;
-		struct sockaddr_in6 *sin6;
+		struct sockaddr_in6 *lsin6;
 
-		sin6 = (struct sockaddr_in6 *)(localep_sa);
-		memset(sin6, 0, sizeof(*sin6));
-		sin6->sin6_family = AF_INET6;
-		sin6->sin6_len = sizeof(struct sockaddr_in6);
+		lsin6 = (struct sockaddr_in6 *)(localep_sa);
+		memset(lsin6, 0, sizeof(*lsin6));
+		lsin6->sin6_family = AF_INET6;
+		lsin6->sin6_len = sizeof(struct sockaddr_in6);
 		ip6 = mtod(m, struct ip6_hdr *);
-		sin6->sin6_port = sh->dest_port;
-		sin6->sin6_addr = ip6->ip6_dst;
+		lsin6->sin6_port = sh->dest_port;
+		lsin6->sin6_addr = ip6->ip6_dst;
 		size_of_pkt = SCTP_GET_IPV6_LENGTH(ip6) + iphlen;
 	} else {
 		return (NULL);
@@ -3406,7 +3415,7 @@ sctp_handle_packet_dropped(struct sctp_pktdrop_chunk *cp,
 			 * whichever is less.
 			 */
 			incr = min((bw_avail - on_queue) >> 2,
-			    (int)stcb->asoc.max_burst * (int)net->mtu);
+			    stcb->asoc.max_burst * net->mtu);
 			net->cwnd += incr;
 		}
 		if (net->cwnd > bw_avail) {
@@ -3448,7 +3457,7 @@ __attribute__((noinline))
 	struct sctp_association *asoc;
 	uint32_t vtag_in;
 	int num_chunks = 0;	/* number of control chunks processed */
-	int chk_length;
+	uint32_t chk_length;
 	int ret;
 	int abort_no_unlock = 0;
 
@@ -3647,8 +3656,8 @@ process_control_chunks:
 		chk_length = ntohs(ch->chunk_length);
 		SCTPDBG(SCTP_DEBUG_INPUT2, "sctp_process_control: processing a chunk type=%u, len=%u\n",
 		    ch->chunk_type, chk_length);
-		if ((size_t)chk_length < sizeof(*ch) ||
-		    (*offset + chk_length) > length) {
+		if (chk_length < sizeof(*ch) ||
+		    (*offset + (int)chk_length) > length) {
 			*offset = length;
 			if (locked_tcb) {
 				SCTP_TCB_UNLOCK(locked_tcb);
@@ -3698,7 +3707,7 @@ process_control_chunks:
 			}
 		} else {
 			/* get a complete chunk... */
-			if ((size_t)chk_length > sizeof(chunk_buf)) {
+			if (chk_length > sizeof(chunk_buf)) {
 				struct mbuf *oper;
 				struct sctp_paramhdr *phdr;
 
@@ -3781,7 +3790,7 @@ process_control_chunks:
 				}
 			}
 			if ((num_chunks > 1) ||
-			    (sctp_strict_init && (length - *offset > SCTP_SIZE32(chk_length)))) {
+			    (sctp_strict_init && (length - *offset > (int)SCTP_SIZE32(chk_length)))) {
 				*offset = length;
 				if (locked_tcb) {
 					SCTP_TCB_UNLOCK(locked_tcb);
@@ -3833,7 +3842,7 @@ process_control_chunks:
 				}
 			}
 			if ((num_chunks > 1) ||
-			    (sctp_strict_init && (length - *offset > SCTP_SIZE32(chk_length)))) {
+			    (sctp_strict_init && (length - *offset > (int)SCTP_SIZE32(chk_length)))) {
 				*offset = length;
 				if (locked_tcb) {
 					SCTP_TCB_UNLOCK(locked_tcb);
@@ -4176,7 +4185,7 @@ process_control_chunks:
 			SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_SHUTDOWN-COMPLETE, stcb %p\n", stcb);
 			/* must be first and only chunk */
 			if ((num_chunks > 1) ||
-			    (length - *offset > SCTP_SIZE32(chk_length))) {
+			    (length - *offset > (int)SCTP_SIZE32(chk_length))) {
 				*offset = length;
 				if (locked_tcb) {
 					SCTP_TCB_UNLOCK(locked_tcb);
diff --git a/sys/netinet/sctp_output.c b/sys/netinet/sctp_output.c
index a8a506a..3c0056c 100644
--- a/sys/netinet/sctp_output.c
+++ b/sys/netinet/sctp_output.c
@@ -3057,7 +3057,7 @@ sctp_find_cmsg(int c_type, void *data, struct mbuf *control, int cpsize)
 			return (0);
 		}
 		m_copydata(control, at, sizeof(cmh), (caddr_t)&cmh);
-		if ((cmh.cmsg_len + at) > tlen) {
+		if (((int)cmh.cmsg_len + at) > tlen) {
 			/*
 			 * this is real messed up since there is not enough
 			 * data here to cover the cmsg header. We are done.
@@ -3913,26 +3913,26 @@ sctp_send_initiate(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
 	}
 	/* add authentication parameters */
 	if (!sctp_auth_disable) {
-		struct sctp_auth_random *random;
+		struct sctp_auth_random *randp;
 		struct sctp_auth_hmac_algo *hmacs;
 		struct sctp_auth_chunk_list *chunks;
 
 		/* attach RANDOM parameter, if available */
 		if (stcb->asoc.authinfo.random != NULL) {
-			random = (struct sctp_auth_random *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m));
-			p_len = sizeof(*random) + stcb->asoc.authinfo.random_len;
+			randp = (struct sctp_auth_random *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m));
+			p_len = sizeof(*randp) + stcb->asoc.authinfo.random_len;
 #ifdef SCTP_AUTH_DRAFT_04
-			random->ph.param_type = htons(SCTP_RANDOM);
-			random->ph.param_length = htons(p_len);
+			randp->ph.param_type = htons(SCTP_RANDOM);
+			randp->ph.param_length = htons(p_len);
 			bcopy(stcb->asoc.authinfo.random->key,
-			    random->random_data,
+			    randp->random_data,
 			    stcb->asoc.authinfo.random_len);
 #else
 			/* random key already contains the header */
-			bcopy(stcb->asoc.authinfo.random->key, random, p_len);
+			bcopy(stcb->asoc.authinfo.random->key, randp, p_len);
 #endif
 			/* zero out any padding required */
-			bzero((caddr_t)random + p_len, SCTP_SIZE32(p_len) - p_len);
+			bzero((caddr_t)randp + p_len, SCTP_SIZE32(p_len) - p_len);
 			SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len);
 		}
 		/* add HMAC_ALGO parameter */
@@ -4003,8 +4003,6 @@ sctp_send_initiate(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
 		 * though I think it is impossible :-> however we add
 		 * mp_last here just in case.
 		 */
-		int ret;
-
 		ret = sctp_add_pad_tombuf(mp_last, (4 - padval));
 		if (ret) {
 			/* Houston we have a problem, no space */
@@ -4926,20 +4924,20 @@ sctp_send_initiate_ack(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
 	}
 	/* add authentication parameters */
 	if (!sctp_auth_disable) {
-		struct sctp_auth_random *random;
+		struct sctp_auth_random *randp;
 		struct sctp_auth_hmac_algo *hmacs;
 		struct sctp_auth_chunk_list *chunks;
 		uint16_t random_len;
 
 		/* generate and add RANDOM parameter */
 		random_len = SCTP_AUTH_RANDOM_SIZE_DEFAULT;
-		random = (struct sctp_auth_random *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m));
-		random->ph.param_type = htons(SCTP_RANDOM);
-		p_len = sizeof(*random) + random_len;
-		random->ph.param_length = htons(p_len);
-		SCTP_READ_RANDOM(random->random_data, random_len);
+		randp = (struct sctp_auth_random *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m));
+		randp->ph.param_type = htons(SCTP_RANDOM);
+		p_len = sizeof(*randp) + random_len;
+		randp->ph.param_length = htons(p_len);
+		SCTP_READ_RANDOM(randp->random_data, random_len);
 		/* zero out any padding required */
-		bzero((caddr_t)random + p_len, SCTP_SIZE32(p_len) - p_len);
+		bzero((caddr_t)randp + p_len, SCTP_SIZE32(p_len) - p_len);
 		SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len);
 
 		/* add HMAC_ALGO parameter */
@@ -5451,7 +5449,7 @@ error_out:
 		appendchain = clonechain;
 	} else {
 		if (!copy_by_ref &&
-		    (sizeofcpy <= ((((sctp_mbuf_threshold_count - 1) * MLEN) + MHLEN)))
+		    (sizeofcpy <= (int)((((sctp_mbuf_threshold_count - 1) * MLEN) + MHLEN)))
 		    ) {
 			/* Its not in a cluster */
 			if (*endofchain == NULL) {
@@ -6067,7 +6065,7 @@ sctp_clean_up_ctl(struct sctp_tcb *stcb, struct sctp_association *asoc)
 static __inline int
 sctp_can_we_split_this(struct sctp_tcb *stcb,
     struct sctp_stream_queue_pending *sp,
-    int goal_mtu, int frag_point, int eeor_on)
+    uint32_t goal_mtu, uint32_t frag_point, int eeor_on)
 {
 	/*
 	 * Make a decision on if I should split a msg into multiple parts.
@@ -6099,7 +6097,8 @@ sctp_can_we_split_this(struct sctp_tcb *stcb,
 			return (goal_mtu);
 		}
 	}
-	if ((sp->length <= goal_mtu) || ((sp->length - goal_mtu) < sctp_min_residual)) {
+	if ((sp->length <= goal_mtu) ||
+	    ((sp->length - goal_mtu) < sctp_min_residual)) {
 		/* Sub-optimial residual don't split in non-eeor mode. */
 		return (0);
 	}
@@ -6116,11 +6115,11 @@ sctp_can_we_split_this(struct sctp_tcb *stcb,
 
 }
 
-static int
+static uint32_t
 sctp_move_to_outqueue(struct sctp_tcb *stcb, struct sctp_nets *net,
     struct sctp_stream_out *strq,
-    int goal_mtu,
-    int frag_point,
+    uint32_t goal_mtu,
+    uint32_t frag_point,
     int *locked,
     int *giveup,
     int eeor_mode)
@@ -6130,7 +6129,7 @@ sctp_move_to_outqueue(struct sctp_tcb *stcb, struct sctp_nets *net,
 	struct sctp_stream_queue_pending *sp;
 	struct sctp_tmit_chunk *chk;
 	struct sctp_data_chunk *dchkh;
-	int to_move;
+	uint32_t to_move;
 	uint8_t rcv_flags = 0;
 	uint8_t some_taken;
 	uint8_t send_lock_up = 0;
@@ -6365,7 +6364,7 @@ out_gu:
 	} else {
 		atomic_subtract_int(&sp->length, to_move);
 	}
-	if (M_LEADINGSPACE(chk->data) < sizeof(struct sctp_data_chunk)) {
+	if (M_LEADINGSPACE(chk->data) < (int)sizeof(struct sctp_data_chunk)) {
 		/* Not enough room for a chunk header, get some */
 		struct mbuf *m;
 
@@ -6385,12 +6384,12 @@ out_gu:
 				sp->data = chk->data;
 				sp->tail_mbuf = chk->last_mbuf;
 			} else {
-				struct mbuf *m;
+				struct mbuf *m_tmp;
 
 				/* reassemble the data */
-				m = sp->data;
+				m_tmp = sp->data;
 				sp->data = chk->data;
-				SCTP_BUF_NEXT(sp->data) = m;
+				SCTP_BUF_NEXT(sp->data) = m_tmp;
 			}
 			sp->some_taken = some_taken;
 			atomic_add_int(&sp->length, to_move);
@@ -10472,7 +10471,7 @@ sctp_copy_it_in(struct sctp_tcb *stcb,
 	*error = 0;
 	/* Unless E_EOR mode is on, we must make a send FIT in one call. */
 	if (((user_marks_eor == 0) && non_blocking) &&
-	    (uio->uio_resid > SCTP_SB_LIMIT_SND(stcb->sctp_socket))) {
+	    (uio->uio_resid > (int)SCTP_SB_LIMIT_SND(stcb->sctp_socket))) {
 		/* It will NEVER fit */
 		*error = EMSGSIZE;
 		goto out_now;
@@ -10502,11 +10501,10 @@ sctp_copy_it_in(struct sctp_tcb *stcb,
 
 	sp->stream = srcv->sinfo_stream;
 	sp->length = min(uio->uio_resid, max_send_len);
-	if ((sp->length == uio->uio_resid) &&
+	if ((sp->length == (uint32_t) uio->uio_resid) &&
 	    ((user_marks_eor == 0) ||
 	    (srcv->sinfo_flags & SCTP_EOF) ||
-	    (user_marks_eor && (srcv->sinfo_flags & SCTP_EOR)))
-	    ) {
+	    (user_marks_eor && (srcv->sinfo_flags & SCTP_EOR)))) {
 		sp->msg_is_complete = 1;
 	} else {
 		sp->msg_is_complete = 0;
@@ -11048,7 +11046,7 @@ sctp_lower_sosend(struct socket *so,
 	/* Are we aborting? */
 	if (srcv->sinfo_flags & SCTP_ABORT) {
 		struct mbuf *mm;
-		int tot_demand, tot_out = 0, max;
+		int tot_demand, tot_out = 0, max_out;
 
 		SCTP_STAT_INCR(sctps_sends_with_abort);
 		if ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) ||
@@ -11084,10 +11082,10 @@ sctp_lower_sosend(struct socket *so,
 			error = ENOMEM;
 			goto out;
 		}
-		max = asoc->smallest_mtu - sizeof(struct sctp_paramhdr);
-		max -= sizeof(struct sctp_abort_msg);
-		if (tot_out > max) {
-			tot_out = max;
+		max_out = asoc->smallest_mtu - sizeof(struct sctp_paramhdr);
+		max_out -= sizeof(struct sctp_abort_msg);
+		if (tot_out > max_out) {
+			tot_out = max_out;
 		}
 		if (mm) {
 			struct sctp_paramhdr *ph;
@@ -11296,7 +11294,8 @@ sctp_lower_sosend(struct socket *so,
 				max_len = 0;
 
 			if ((max_len > sctp_add_more_threshold) ||
-			    (uio->uio_resid && (uio->uio_resid < max_len))) {
+			    (uio->uio_resid &&
+			    (uio->uio_resid < (int)max_len))) {
 				sndout = 0;
 				new_tail = NULL;
 				if (hold_tcblock) {
diff --git a/sys/netinet/sctputil.c b/sys/netinet/sctputil.c
index 70fed4c..8b4943a 100644
--- a/sys/netinet/sctputil.c
+++ b/sys/netinet/sctputil.c
@@ -1550,7 +1550,7 @@ sctp_timeout_handler(void *t)
 		break;
 	case SCTP_TIMER_TYPE_HEARTBEAT:
 		{
-			struct sctp_nets *net;
+			struct sctp_nets *lnet;
 			int cnt_of_unconf = 0;
 
 			if ((stcb == NULL) || (inp == NULL)) {
@@ -1558,23 +1558,24 @@ sctp_timeout_handler(void *t)
 			}
 			SCTP_STAT_INCR(sctps_timoheartbeat);
 			stcb->asoc.timoheartbeat++;
-			TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) {
-				if ((net->dest_state & SCTP_ADDR_UNCONFIRMED) &&
-				    (net->dest_state & SCTP_ADDR_REACHABLE)) {
+			TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) {
+				if ((lnet->dest_state & SCTP_ADDR_UNCONFIRMED) &&
+				    (lnet->dest_state & SCTP_ADDR_REACHABLE)) {
 					cnt_of_unconf++;
 				}
 			}
 			if (cnt_of_unconf == 0) {
-				if (sctp_heartbeat_timer(inp, stcb, net, cnt_of_unconf)) {
+				if (sctp_heartbeat_timer(inp, stcb, lnet,
+				    cnt_of_unconf)) {
 					/* no need to unlock on tcb its gone */
 					goto out_decr;
 				}
 			}
 #ifdef SCTP_AUDITING_ENABLED
-			sctp_auditing(4, inp, stcb, net);
+			sctp_auditing(4, inp, stcb, lnet);
 #endif
-			sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep,
-			    stcb, net);
+			sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT,
+			    stcb->sctp_ep, stcb, lnet);
 			sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_HB_TMR);
 		}
 		break;
@@ -1897,7 +1898,6 @@ sctp_timer_start(int t_type, struct sctp_inpcb *inp, struct sctp_tcb *stcb,
 				return;
 			}
 			if (net) {
-				struct sctp_nets *lnet;
 				int delay;
 
 				delay = stcb->asoc.heart_beat_delay;
@@ -2347,11 +2347,10 @@ sctp_calculate_sum(struct mbuf *m, int32_t * pktlen, uint32_t offset)
 	/*
 	 * given a mbuf chain with a packetheader offset by 'offset'
 	 * pointing at a sctphdr (with csum set to 0) go through the chain
-	 * of SCTP_BUF_NEXT()'s and calculate the SCTP checksum. This is
-	 * currently Adler32 but will change to CRC32x soon. Also has a side
-	 * bonus calculate the total length of the mbuf chain. Note: if
-	 * offset is greater than the total mbuf length, checksum=1,
-	 * pktlen=0 is returned (ie. no real error code)
+	 * of SCTP_BUF_NEXT()'s and calculate the SCTP checksum. This also
+	 * has a side bonus as it will calculate the total length of the
+	 * mbuf chain. Note: if offset is greater than the total mbuf
+	 * length, checksum=1, pktlen=0 is returned (ie. no real error code)
 	 */
 	if (pktlen == NULL)
 		return (0);
@@ -2369,11 +2368,10 @@ sctp_calculate_sum(struct mbuf *m, int32_t * pktlen, uint32_t offset)
 	/*
 	 * given a mbuf chain with a packetheader offset by 'offset'
 	 * pointing at a sctphdr (with csum set to 0) go through the chain
-	 * of SCTP_BUF_NEXT()'s and calculate the SCTP checksum. This is
-	 * currently Adler32 but will change to CRC32x soon. Also has a side
-	 * bonus calculate the total length of the mbuf chain. Note: if
-	 * offset is greater than the total mbuf length, checksum=1,
-	 * pktlen=0 is returned (ie. no real error code)
+	 * of SCTP_BUF_NEXT()'s and calculate the SCTP checksum. This also
+	 * has a side bonus as it will calculate the total length of the
+	 * mbuf chain. Note: if offset is greater than the total mbuf
+	 * length, checksum=1, pktlen=0 is returned (ie. no real error code)
 	 */
 	int32_t tlen = 0;
 	struct mbuf *at;
@@ -2399,11 +2397,10 @@ sctp_calculate_sum(struct mbuf *m, int32_t * pktlen, uint32_t offset)
 	/*
 	 * given a mbuf chain with a packetheader offset by 'offset'
 	 * pointing at a sctphdr (with csum set to 0) go through the chain
-	 * of SCTP_BUF_NEXT()'s and calculate the SCTP checksum. This is
-	 * currently Adler32 but will change to CRC32x soon. Also has a side
-	 * bonus calculate the total length of the mbuf chain. Note: if
-	 * offset is greater than the total mbuf length, checksum=1,
-	 * pktlen=0 is returned (ie. no real error code)
+	 * of SCTP_BUF_NEXT()'s and calculate the SCTP checksum. This also
+	 * has a side bonus as it will calculate the total length of the
+	 * mbuf chain. Note: if offset is greater than the total mbuf
+	 * length, checksum=1, pktlen=0 is returned (ie. no real error code)
 	 */
 	int32_t tlen = 0;
 
@@ -2413,7 +2410,7 @@ sctp_calculate_sum(struct mbuf *m, int32_t * pktlen, uint32_t offset)
 #else
 	uint32_t base = 0xffffffff;
 
-#endif				/* SCTP_USE_ADLER32 */
+#endif
 	struct mbuf *at;
 
 	at = m;
@@ -2440,12 +2437,12 @@ sctp_calculate_sum(struct mbuf *m, int32_t * pktlen, uint32_t offset)
 				    (unsigned char *)(SCTP_BUF_AT(at, offset)),
 				    (unsigned int)(SCTP_BUF_LEN(at) - offset));
 			}
-#endif				/* SCTP_USE_ADLER32 */
+#endif
 			tlen += SCTP_BUF_LEN(at) - offset;
 			/* we only offset once into the first mbuf */
 		}
 		if (offset) {
-			if (offset < SCTP_BUF_LEN(at))
+			if (offset < (uint32_t) SCTP_BUF_LEN(at))
 				offset = 0;
 			else
 				offset -= SCTP_BUF_LEN(at);
@@ -4483,7 +4480,7 @@ sctp_find_ifa_by_addr(struct sockaddr *addr, uint32_t vrf_id, int holds_lock)
 }
 
 static void
-sctp_user_rcvd(struct sctp_tcb *stcb, int *freed_so_far, int hold_rlock,
+sctp_user_rcvd(struct sctp_tcb *stcb, uint32_t * freed_so_far, int hold_rlock,
     uint32_t rwnd_req)
 {
 	/* User pulled some data, do we need a rwnd update? */
@@ -4498,8 +4495,7 @@ sctp_user_rcvd(struct sctp_tcb *stcb, int *freed_so_far, int hold_rlock,
 
 	if (stcb->asoc.state & (SCTP_STATE_ABOUT_TO_BE_FREED |
 	    SCTP_STATE_SHUTDOWN_RECEIVED |
-	    SCTP_STATE_SHUTDOWN_ACK_SENT)
-	    ) {
+	    SCTP_STATE_SHUTDOWN_ACK_SENT)) {
 		/* Pre-check If we are freeing no update */
 		goto no_lock;
 	}
@@ -4613,7 +4609,7 @@ sctp_sorecvmsg(struct socket *so,
 	int freecnt_applied = 0;
 	int out_flags = 0, in_flags = 0;
 	int block_allowed = 1;
-	int freed_so_far = 0;
+	uint32_t freed_so_far = 0;
 	int copied_so_far = 0;
 	int in_eeor_mode = 0;
 	int no_rcv_needed = 0;
@@ -4622,7 +4618,7 @@ sctp_sorecvmsg(struct socket *so,
 	int hold_rlock = 0;
 	int alen = 0;
 	int slen = 0;
-	int held_length = 0;
+	uint32_t held_length = 0;
 	int sockbuf_lock = 0;
 
 	if (uio == NULL) {
@@ -4844,17 +4840,17 @@ restart_nosblocks:
 		control->held_length = 0;
 		if (control->data) {
 			/* Hmm there is data here .. fix */
-			struct mbuf *m;
+			struct mbuf *m_tmp;
 			int cnt = 0;
 
-			m = control->data;
-			while (m) {
-				cnt += SCTP_BUF_LEN(m);
-				if (SCTP_BUF_NEXT(m) == NULL) {
-					control->tail_mbuf = m;
+			m_tmp = control->data;
+			while (m_tmp) {
+				cnt += SCTP_BUF_LEN(m_tmp);
+				if (SCTP_BUF_NEXT(m_tmp) == NULL) {
+					control->tail_mbuf = m_tmp;
 					control->end_added = 1;
 				}
-				m = SCTP_BUF_NEXT(m);
+				m_tmp = SCTP_BUF_NEXT(m_tmp);
 			}
 			control->length = cnt;
 		} else {
@@ -5814,7 +5810,7 @@ sctp_connectx_helper_find(struct sctp_inpcb *inp, struct sockaddr *addr,
 	sa = addr;
 	*error = *num_v6 = *num_v4 = 0;
 	/* account and validate addresses */
-	for (i = 0; i < *totaddr; i++) {
+	for (i = 0; i < (size_t)*totaddr; i++) {
 		if (sa->sa_family == AF_INET) {
 			(*num_v4) += 1;
 			incr = sizeof(struct sockaddr_in);
@@ -5853,7 +5849,7 @@ sctp_connectx_helper_find(struct sctp_inpcb *inp, struct sockaddr *addr,
 		} else {
 			SCTP_INP_DECR_REF(inp);
 		}
-		if ((at + incr) > limit) {
+		if ((at + incr) > (size_t)limit) {
 			*totaddr = i;
 			break;
 		}