Current-Users archive


Possible error in kern_sysctl.c

In the routine sysctl_create(), when we're adding a new child to an
existing node, we may have to move some existing entries.  If so, we
then have to update the parent pointers of any children whose parent
was moved.  The code to accomplish this is at line 1142:

        /*
         * insert new node data
         */
        if (at < pnode->sysctl_clen) {
                int t;

                /*
                 * move the nodes that should come after the new one
                 */
                memmove(&node[at + 1], &node[at],
                        (pnode->sysctl_clen - at) * sizeof(struct sysctlnode));
                memset(&node[at], 0, sizeof(struct sysctlnode));
                node[at].sysctl_parent = pnode;
                /*
                 * and...reparent any children of any moved nodes
                 */
>>>             for (ni = at; ni <= pnode->sysctl_clen; ni++)
                        if (node[ni].sysctl_child != NULL)
                                for (t = 0; t < node[ni].sysctl_csize; t++)
                                        node[ni].sysctl_child[t].sysctl_parent =
                                                &node[ni];
        }
At the tagged >>> line, we start processing at the entry at which we
just inserted the new node, and NOT at the first possibly-moved entry!

If the new entry has a non-NULL sysctl_child pointer we might update
some stuff that shouldn't be touched.  (Note that the new entry's
sysctl_child pointer is not set to NULL until we get to line 1196 in
the same function.)

It seems to me that the for loop on the tagged line should start with
ni = at + 1

This could potentially be the bug I've been tracking where the values
added to a sysctllog contain the wrong mib-name values, preventing
proper operation of sysctl_teardown().


| Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:       |
| (Retired)        | FA29 0E3B 35AF E8AE 6651 | paul at    |
| Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at  |
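A modelled version of this insert-and-reparent sequence, added here as an illustration (it is neither the post's code nor NetBSD's kern_sysctl.c): the struct and field names are simplified assumptions, the reparent loop starts at the entry after the new slot as the post proposes, and check_parent_links() verifies the invariant the loop exists to maintain, namely that every child's parent pointer addresses the array slot that currently holds its parent. Passing reparent = 0 skips the loop, which shows what a missing reparent step leaves behind after a memmove.

```c
/*
 * Added example, not from the post or from NetBSD: a trimmed model of a
 * sysctl node array.  Names (node_t, num, parent, child, csize, clen) are
 * assumptions loosely modelled on struct sysctlnode.
 */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAXCHILD 8

typedef struct node {
    int          num;     /* mib number; children are kept in ascending order */
    struct node *parent;  /* points at the array element holding the parent */
    struct node *child;   /* calloc'ed array of children, or NULL */
    int          csize;   /* slots allocated in child[] */
    int          clen;    /* slots in use */
} node_t;

/* Attach a fresh, zeroed child array to n. */
static int node_alloc_children(node_t *n)
{
    n->child = calloc(MAXCHILD, sizeof(node_t));
    if (n->child == NULL)
        return -1;
    n->csize = MAXCHILD;
    n->clen = 0;
    return 0;
}

/*
 * Insert a child numbered `num` into pnode, keeping the array sorted:
 * find the slot, memmove the tail up by one, fix the parent pointers of
 * every moved entry's children (if `reparent` is set), then fill the slot.
 * Returns the new entry, or NULL on a full array or duplicate number.
 */
static node_t *insert_child(node_t *pnode, int num, int reparent)
{
    node_t *node = pnode->child;
    int at, ni, t;

    if (node == NULL || pnode->clen >= pnode->csize)
        return NULL;
    for (at = 0; at < pnode->clen && node[at].num < num; at++)
        ;
    if (at < pnode->clen && node[at].num == num)
        return NULL;

    if (at < pnode->clen) {
        memmove(&node[at + 1], &node[at],
                (pnode->clen - at) * sizeof(node_t));
        /* entries at+1 .. clen were just moved; their children still
         * point at the old addresses until this loop runs */
        if (reparent)
            for (ni = at + 1; ni <= pnode->clen; ni++)
                if (node[ni].child != NULL)
                    for (t = 0; t < node[ni].csize; t++)
                        node[ni].child[t].parent = &node[ni];
    }
    memset(&node[at], 0, sizeof(node_t));
    node[at].num = num;
    node[at].parent = pnode;
    pnode->clen++;
    return &node[at];
}

/* Recursively count children whose parent pointer does not address the
 * element that actually holds them.  0 means the invariant holds. */
static int check_parent_links(const node_t *n)
{
    int i, bad = 0;

    for (i = 0; i < n->clen; i++) {
        if (n->child[i].parent != n)
            bad++;
        if (n->child[i].child != NULL)
            bad += check_parent_links(&n->child[i]);
    }
    return bad;
}

/*
 * Constructed scenario: root -> {10, 30}, node 30 has a child 31.  Inserting
 * 20 shifts node 30 (and thus the parent of 31) up by one slot.  Returns the
 * number of broken parent links afterwards: 0 with reparenting, 1 without.
 */
static int demo(int reparent)
{
    node_t root, *n30;
    int bad;

    memset(&root, 0, sizeof(root));
    if (node_alloc_children(&root) != 0)
        return -1;
    insert_child(&root, 10, 1);
    n30 = insert_child(&root, 30, 1);
    if (node_alloc_children(n30) != 0)
        return -1;
    insert_child(n30, 31, 1);

    insert_child(&root, 20, reparent);   /* n30 is stale from here on */
    bad = check_parent_links(&root);

    free(root.child[2].child);           /* node 30 now lives in slot 2 */
    free(root.child);
    return bad;
}

int main(void)
{
    printf("with reparent:    %d broken link(s)\n", demo(1));
    printf("without reparent: %d broken link(s)\n", demo(0));
    return 0;
}
```

The checker is the piece worth keeping around: running it after every structural change to the tree turns a silent dangling parent pointer into an immediate, attributable failure instead of a later wrong mib name during teardown.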
