PERFORCE change 38498 for review
Sam Leffler
sam at FreeBSD.org
Tue Sep 23 16:13:36 PDT 2003
http://perforce.freebsd.org/chv.cgi?CH=38498
Change 38498 by sam at sam_ebb on 2003/09/23 16:12:59
replace numerous bogus panics with equally bogus assertions
that at least go away on a production system
Affected files ...
.. //depot/projects/netperf/sys/netipsec/key.c#5 edit
Differences ...
==== //depot/projects/netperf/sys/netipsec/key.c#5 (text+ko) ====
@@ -855,9 +855,9 @@
/* Which SA is the better ? */
- /* sanity check 2 */
- if (candidate->lft_c == NULL || sav->lft_c == NULL)
- panic("%s: lifetime_current is NULL\n", __func__);
+ IPSEC_ASSERT(candidate->lft_c != NULL,
+ ("null candidate lifetime"));
+ IPSEC_ASSERT(sav->lft_c != NULL, ("null sav lifetime"));
/* What the best method is to compare ? */
if (key_prefered_oldsa) {
@@ -1059,7 +1059,6 @@
void
key_freeso(struct socket *so)
{
- /* sanity check */
IPSEC_ASSERT(so != NULL, ("null so"));
switch (so->so_proto->pr_domain->dom_family) {
@@ -1276,11 +1275,9 @@
{
struct secpolicy *newsp;
- /* sanity check */
- if (xpl0 == NULL)
- panic("%s: NULL pointer was passed.\n", __func__);
- if (len < sizeof(*xpl0))
- panic("%s: invalid length.\n", __func__);
+ IPSEC_ASSERT(xpl0 != NULL, ("null xpl0"));
+ IPSEC_ASSERT(len >= sizeof(*xpl0), ("policy too short: %u", len));
+
if (len != PFKEY_EXTLEN(xpl0)) {
ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", __func__));
*error = EINVAL;
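Review bot: The `len >= sizeof(*xpl0)` test is a bounds check on a caller-supplied length, and as an IPSEC_ASSERT it disappears on production kernels, so the `PFKEY_EXTLEN(xpl0)` read on the following line can look at a policy header that is shorter than the structure. The code right below already rejects a bad length with `*error = EINVAL`, so the short case fits the same path: `if (len < sizeof(*xpl0) || len != PFKEY_EXTLEN(xpl0)) {`. Whether every caller validates len beforehand is not visible in this hunk; if they do, a comment stating that contract above the assertion would be enough. The `%u` in the message also assumes len is an unsigned int, which the hunk does not show. The function starts and ends outside the hunk.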
@@ -1514,9 +1511,7 @@
caddr_t p;
struct mbuf *m;
- /* sanity check. */
- if (sp == NULL)
- panic("%s: NULL pointer was passed.\n", __func__);
+ IPSEC_ASSERT(sp != NULL, ("null policy"));
tlen = key_getspreqmsglen(sp);
@@ -1589,8 +1584,8 @@
struct mbuf *result = NULL, *n;
int len;
- if (m == NULL || mhp == NULL)
- panic("%s: null pointer passed", __func__);
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
va_start(ap, nitem);
for (i = 0; i < nitem; i++) {
@@ -1606,10 +1601,9 @@
if (idx == SADB_EXT_RESERVED) {
len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
-#ifdef DIAGNOSTIC
- if (len > MHLEN)
- panic("assumption failed");
-#endif
+
+ IPSEC_ASSERT(len <= MHLEN, ("header too big %u", len));
+
MGETHDR(n, M_DONTWAIT, MT_DATA);
if (!n)
goto fail;
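Review bot: Both sides of `len <= MHLEN` look like compile-time constants at this point, since len was just assigned `PFKEY_ALIGN8(sizeof(struct sadb_msg))`, so the check could be made at build time rather than at run time in debug kernels only, e.g. `CTASSERT(PFKEY_ALIGN8(sizeof(struct sadb_msg)) <= MHLEN);` at file scope. That keeps the guarantee on production kernels, where the removed DIAGNOSTIC check and the new assertion are both absent. If len is the `int` declared in the previous hunk, the format should be `%d` rather than `%u`. The enclosing function starts and ends outside the hunk.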
@@ -1683,9 +1677,10 @@
struct secpolicy *newsp;
int error;
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
@@ -1943,9 +1938,10 @@
struct secpolicyindex spidx;
struct secpolicy *sp;
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("key_spddelete: NULL pointer is passed.\n");
+ IPSEC_ASSERT(so != NULL, ("null so"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
@@ -2039,9 +2035,10 @@
u_int32_t id;
struct secpolicy *sp;
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
@@ -2135,9 +2132,10 @@
struct secpolicy *sp;
struct mbuf *n;
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
@@ -2185,13 +2183,10 @@
struct secspacq *newspacq;
int error;
- /* sanity check */
- if (sp == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
- if (sp->req != NULL)
- panic("%s: called but there is request.\n", __func__);
- if (sp->policy != IPSEC_POLICY_IPSEC)
- panic("%s: policy mismathed. IPsec is expected.\n", __func__);
+ IPSEC_ASSERT(sp != NULL, ("null secpolicy"));
+ IPSEC_ASSERT(sp->req == NULL, ("policy exists"));
+ IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC,
+ ("policy not IPSEC %u", sp->policy));
/* Get an entry to check whether sent message or not. */
newspacq = key_getspacq(&sp->spidx);
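Review bot: The message on `IPSEC_ASSERT(sp->req == NULL, ("policy exists"))` does not describe the condition being tested; the assertion fires when the policy already carries a request, which is what the removed panic text said. Something like `IPSEC_ASSERT(sp->req == NULL, ("policy already has a request"));` keeps the diagnostic useful to whoever reads the console. The function body continues outside the hunk.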
@@ -2257,9 +2252,10 @@
struct secpolicy *sp;
u_int dir;
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg)))
return key_senderror(so, m, EINVAL);
@@ -2308,9 +2304,10 @@
u_int dir;
struct mbuf *n;
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
/* search SPD entry and get buffer size. */
cnt = 0;
@@ -2445,9 +2442,7 @@
/* XXX: Why do we lock ? */
- /* sanity check */
- if (sp == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(sp != NULL, ("null secpolicy"));
/* set msg header */
m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0);
@@ -2581,7 +2576,6 @@
u_int stateidx, state;
int zombie = 0;
- /* sanity check */
IPSEC_ASSERT(sah != NULL, ("NULL sah"));
mtx_assert(&sahtree_lock, MA_OWNED);
@@ -2647,9 +2641,10 @@
struct secasvar *newsav;
const struct sadb_sa *xsa;
- /* sanity check */
- if (m == NULL || mhp == NULL || mhp->msg == NULL || sah == NULL)
- panic("key_newsa: NULL pointer is passed.\n");
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
+ IPSEC_ASSERT(sah != NULL, ("null secashead"));
newsav = malloc(sizeof(struct secasvar), M_IPSEC_SA, M_NOWAIT|M_ZERO);
if (newsav == NULL) {
@@ -2916,9 +2911,9 @@
{
int error = 0;
- /* sanity check */
- if (m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
/* initialization */
sav->replay = NULL;
@@ -3585,9 +3580,7 @@
struct in_ifaddr *ia;
#endif
- /* sanity check */
- if (sa == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(sa != NULL, ("null sockaddr"));
switch (sa->sa_family) {
#ifdef INET
@@ -4313,9 +4306,10 @@
u_int32_t reqid;
int error;
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
@@ -4589,9 +4583,10 @@
u_int32_t reqid;
int error;
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
/* map satype to proto */
if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
@@ -4783,9 +4778,10 @@
u_int32_t reqid;
int error;
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
/* map satype to proto */
if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
@@ -4895,9 +4891,10 @@
const struct sadb_ident *idsrc, *iddst;
int idsrclen, iddstlen;
- /* sanity check */
- if (sah == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(sah != NULL, ("null secashead"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
/* don't make buffer if not there */
if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL &&
@@ -4965,9 +4962,9 @@
{
struct mbuf *n;
- /* sanity check */
- if (m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
/* create new sadb_msg to reply. */
n = key_gather_mbuf(m, mhp, 1, 9, SADB_EXT_RESERVED,
@@ -5017,9 +5014,10 @@
struct secasvar *sav = NULL;
u_int16_t proto;
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
/* map satype to proto */
if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
@@ -5212,9 +5210,10 @@
struct secasvar *sav = NULL;
u_int16_t proto;
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
/* map satype to proto */
if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
@@ -5577,7 +5576,6 @@
int error = -1;
u_int32_t seq;
- /* sanity check */
IPSEC_ASSERT(saidx != NULL, ("null saidx"));
satype = key_proto2satype(saidx->proto);
IPSEC_ASSERT(satype != 0, ("null satype, protocol %u", saidx->proto));
@@ -5861,9 +5859,10 @@
u_int16_t proto;
int error;
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
/*
* Error message from KMd.
@@ -5977,9 +5976,10 @@
{
struct secreg *reg, *newreg = 0;
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
/* check for invalid register message */
if (mhp->msg->sadb_msg_satype >= sizeof(regtree)/sizeof(regtree[0]))
@@ -6131,7 +6131,6 @@
struct secreg *reg;
int i;
- /* sanity check */
IPSEC_ASSERT(so != NULL, ("NULL so"));
/*
@@ -6175,15 +6174,12 @@
/* XXX: Why do we lock ? */
s = splnet(); /*called from softclock()*/
- /* sanity check */
- if (sav == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
- if (sav->sah == NULL)
- panic("%s: Why was SA index in SA NULL.\n", __func__);
- if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0)
- panic("%s: invalid proto is passed.\n", __func__);
+ IPSEC_ASSERT (sav != NULL, ("null sav"));
+ IPSEC_ASSERT (sav->sah != NULL, ("null sa header"));
/* set msg header */
+ satype = key_proto2satype(sav->sah->saidx.proto);
+ IPSEC_ASSERT(satype != 0, ("invalid proto, satype %u", satype));
m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt);
if (!m) {
error = ENOBUFS;
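Review bot: The message in `IPSEC_ASSERT(satype != 0, ("invalid proto, satype %u", satype))` can only ever print 0, because the assertion fires exactly when satype is 0. Print the protocol that failed to map instead, as the satype assertion in the @@ -5577,7 +5576,6 @@ hunk does: `IPSEC_ASSERT(satype != 0, ("invalid proto %u", sav->sah->saidx.proto));`. The two assertions above it are written `IPSEC_ASSERT (` with a space, unlike the rest of the change, and the `/* set msg header */` comment now sits above the satype lookup rather than the key_setsadbmsg() call it describes. The function continues past the hunk.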
@@ -6305,9 +6301,9 @@
u_int8_t state;
u_int stateidx;
- /* sanity check */
- if (so == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
/* map satype to proto */
if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
@@ -6391,9 +6387,10 @@
struct sadb_msg *newmsg;
struct mbuf *n;
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
/* map satype to proto */
if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
@@ -6474,9 +6471,10 @@
{
int olen;
- /* sanity check */
- if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
@@ -6565,9 +6563,8 @@
int error;
int target;
- /* sanity check */
- if (m == NULL || so == NULL)
- panic("%s: NULL pointer is passed.\n", __func__);
+ IPSEC_ASSERT(so != NULL, ("null socket"));
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
#if 0 /*kdebug_sadb assumes msg in linear buffer*/
KEYDEBUG(KEYDEBUG_KEY_DUMP,
@@ -6817,8 +6814,8 @@
{
struct sadb_msg *msg;
- if (m->m_len < sizeof(struct sadb_msg))
- panic("%s: invalid mbuf passed", __func__);
+ IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg),
+ ("mbuf too small, len %u", m->m_len));
msg = mtod(m, struct sadb_msg *);
msg->sadb_msg_errno = code;
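Review bot: With the panic turned into an IPSEC_ASSERT, a production kernel no longer stops when `m->m_len < sizeof(struct sadb_msg)`, and the `msg->sadb_msg_errno = code` store below then writes beyond the data the mbuf actually holds. A size check that guards a write is better kept as a run-time test with an error return than as an assertion; the right error path depends on who owns m, which this hunk does not show. At minimum the requirement should be stated above the assertion, e.g. `/* caller guarantees a contiguous sadb_msg at the front of m; not checked when assertions are compiled out */`. The same applies to the identical m_len assertion in the next hunk (@@ -6841,11 +6838,10 @@), which is followed by `bzero(mhp, sizeof(*mhp))` and further parsing outside the hunk.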
@@ -6841,11 +6838,10 @@
int extlen;
int toff;
- /* sanity check */
- if (m == NULL || mhp == NULL)
- panic("%s: NULL pointer is passed", __func__);
- if (m->m_len < sizeof(struct sadb_msg))
- panic("%s: invalid mbuf passed", __func__);
+ IPSEC_ASSERT(m != NULL, ("null mbuf"));
+ IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
+ IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg),
+ ("mbuf too small, len %u", m->m_len));
/* initialize */
bzero(mhp, sizeof(*mhp));
@@ -7045,9 +7041,7 @@
caddr_t src;
caddr_t dst;
{
- /* sanity check */
- if (sav->sah == NULL)
- panic("%s: sav->sah == NULL", __func__);
+ IPSEC_ASSERT(sav->sah != NULL, ("null SA header"));
/* XXX: check inner IP header */
@@ -7138,8 +7132,7 @@
struct secasvar *sav;
{
- if (!sav->iv)
- panic("%s: sav == NULL", __func__);
+ IPSEC_ASSERT(sav->iv != NULL, ("null IV"));
key_randomfill(sav->iv, sav->ivlen);
}