RFC: mbuf: Add m_len assertion to mtod() and mtodo()
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 14 Oct 2024 11:00:45 UTC
Hi FreeBSD developers, After the recent findings that a network module may end up doing things like mtod(m, struct ip *) over an empty mbuf in a chain, an idea has come to add m_len assertion to the existing mtod() and mtodo() macros. Thus, mtod() would panic if m->m_len < sizeof(struct ip) in the example. The current implementation proposal is here: https://reviews.freebsd.org/D46684 The high level technical plan for this long path is as follows: 1. Fix compilation cases 2. Fix runtime cases, e.g. mtod() can be used before m_len is prepared 3. Land the assertion The very first inconvenience found is that it will make mtod() unavailable for the following two use cases: - void pointer mtod(m, void *) - work with m_data pointer itself: mtod(m, vm_offset_t) mtod(m, uintptr_t) & 3 Currently, 116 void* cases and 60 m_data pointer cases are found [1]. And they are targeted to be re-worked. It's planned to consider each case because of something could be not just a literal macro expansion, e.g. mtod() & 3 examples could be changed to something like m_alignment(m) & 3 or m_is_aligned(m, 3). It would be appreciated to receive comments, opinions, and suggestions before starting work on the respective changes. [1] The cases found: https://github.com/ihoro/freebsd-src/pull/31/files Best regards, igoro