From 13abb9545e8019d2493e6ad241827056ea4e67c6 Mon Sep 17 00:00:00 2001 From: rwatson Date: Thu, 25 Dec 2008 11:32:38 +0000 Subject: Following the recent security advisory, add a comment describing our invariants and approach for protocol switch methods in protsw_init(), and also some KASSERT's for non-domain init entries in protocol switch tables: pru_abort and pru_send must both be implemented. For now, leave those assertions #if 0'd, since there are a few protocols that violate them in non-harmful ways. Whether or not we should enforce pru_abort being implemented for non-stream protocols is an interesting question: currently abort is only invoked on stream sockets in situations where un-accepted sockets must be abruptly closed (i.e., close() on a listen socket with pending connections), but in principle it is useful for datagram sockets and most datagram socket types implement it. MFC after: 3 weeks --- sys/kern/uipc_domain.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'sys/kern/uipc_domain.c') diff --git a/sys/kern/uipc_domain.c b/sys/kern/uipc_domain.c index c074293..2b2f5c8 100644 --- a/sys/kern/uipc_domain.c +++ b/sys/kern/uipc_domain.c @@ -110,6 +110,28 @@ protosw_init(struct protosw *pr) pr->pr_domain->dom_name, (int)(pr - pr->pr_domain->dom_protosw))); + /* + * Protocol switch methods fall into three categories: mandatory, + * mandatory but protosw_init() provides a default, and optional. + * + * For true protocols (i.e., pru_attach != NULL), KASSERT truly + * mandatory methods with no defaults, and initialize defaults for + * other mandatory methods if the protocol hasn't defined an + * implementation (NULL function pointer). + */ +#if 0 + if (pu->pru_attach != NULL) { + KASSERT(pu->pru_abort != NULL, + ("protosw_init: %ssw[%d] pru_abort NULL", + pr->pr_domain->dom_name, + (int)(pr - pr->pr_domain->dom_protosw))); + KASSERT(pu->pru_send != NULL, + ("protosw_init: %ssw[%d] pru_send NULL", + pr->pr_domain->dom_name, + (int)(pr - pr->pr_domain->dom_protosw))); + } +#endif + #define DEFAULT(foo, bar) if ((foo) == NULL) (foo) = (bar) DEFAULT(pu->pru_accept, pru_accept_notsupp); DEFAULT(pu->pru_bind, pru_bind_notsupp); -- cgit v1.1