Subject: mtod abuse?
To: None <tech-net@netbsd.org>
From: Pavel Cahyna <pcah8322@artax.karlin.mff.cuni.cz>
List: tech-net
Date: 08/07/2004 18:04:28
Hello,

is it correct to call mtod() without calling m_pullup() before dereferencing
the pointer obtained? I would think that it isn't. Such calls do occur in
wi.c, function wi_start(), however, e.g.:

--- cut here ---
		IF_DEQUEUE(&ic->ic_pwrsaveq, m0);
		wh = mtod(m0, struct ieee80211_frame *);
		llc = (struct llc *) (wh + 1);
		m_copydata(m0, 4, ETHER_ADDR_LEN * 2,
		    (caddr_t)&frmhdr.wi_ehdr);
--->		frmhdr.wi_ehdr.ether_type = llc->llc_snap.ether_type;
--- cut here ---

or 

--- cut here ---
		IF_DEQUEUE(&ic->ic_mgtq, m0);
		m_copydata(m0, 4, ETHER_ADDR_LEN * 2,
		    (caddr_t)&frmhdr.wi_ehdr);
		frmhdr.wi_ehdr.ether_type = 0;
		wh = mtod(m0, struct ieee80211_frame *);
--- cut here ---

The arrow marks the point where I just saw a panic. Could this be the cause?

(Cc:-ing developers who are known to work on the wi driver, if you find it
inappropriate, feel free to protest loudly.)

Thanks	Pavel
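
The mbuf contract the question turns on, as an added user-space model (this is not code from NetBSD, wi.c, or this thread): mtod() is only a cast of m_data, so it says nothing about how many bytes of the chain sit in the first mbuf; m_pullup() is what makes the first len bytes contiguous there. The example builds a constructed chain in which the 24-byte 802.11 header ends exactly at the first mbuf and the LLC/SNAP header starts in the second, then shows the check that would have to pass before the wi_start() pattern (wh = mtod(m0, ...); llc = wh + 1) is safe, and the same read succeeding after a pullup. struct mbuf with an inline m_dat[MLEN], the simplified m_pullup(), HDRS_LEN, hdrs_contiguous(), build_split_frame() and split_frame_ether_type() are all assumptions of this model, not kernel interfaces.

```c
/*
 * Added user-space model of the BSD mbuf contract, not NetBSD kernel code.
 * mtod() is a plain cast of m_data with no length check, so a header that
 * straddles two mbufs may only be read through it after m_pullup() has made
 * those bytes contiguous in the first mbuf.  struct mbuf, MLEN, m_pullup()
 * and the frame layout below are simplified assumptions.
 */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MLEN 128                        /* assumed data bytes per mbuf */

struct mbuf {
    struct mbuf *m_next;
    char        *m_data;                /* start of valid data */
    int          m_len;                 /* valid bytes in this mbuf only */
    char         m_dat[MLEN];
};

#define mtod(m, t) ((t)((m)->m_data))   /* same shape as the real macro */

/* 24-byte 802.11 data header followed by an 8-byte LLC/SNAP header. */
struct ieee80211_frame { uint8_t i_fc[2], i_dur[2], i_addr[3][6], i_seq[2]; };
struct llc_snap { uint8_t dsap, ssap, control, org[3], ether_type[2]; };
#define HDRS_LEN ((int)(sizeof(struct ieee80211_frame) + sizeof(struct llc_snap)))

static void m_freem(struct mbuf *m)
{
    while (m != NULL) {
        struct mbuf *n = m->m_next; free(m); m = n;
    }
}

/* Model of m_pullup(): pull the first len bytes of the chain into the first
 * mbuf.  Like the kernel version it frees the chain and returns NULL when
 * the chain is shorter than len or len does not fit in one mbuf. */
static struct mbuf *m_pullup(struct mbuf *m, int len)
{
    if (m == NULL || len > MLEN) { m_freem(m); return NULL; }
    memmove(m->m_dat, m->m_data, m->m_len);     /* make room at the end */
    m->m_data = m->m_dat;
    while (m->m_len < len) {
        struct mbuf *n = m->m_next;
        int take = len - m->m_len;
        if (n == NULL) { m_freem(m); return NULL; }   /* chain too short */
        if (take > n->m_len) take = n->m_len;
        memcpy(m->m_data + m->m_len, n->m_data, take);
        m->m_len += take;
        n->m_data += take;
        n->m_len -= take;
        if (n->m_len == 0) { m->m_next = n->m_next; free(n); }   /* drained */
    }
    return m;
}

/* The check wi_start() skips: are both headers inside the first mbuf? */
static int hdrs_contiguous(const struct mbuf *m)
{
    return m != NULL && m->m_len >= HDRS_LEN;
}

/* The wi_start() access pattern: wh = mtod(m0, ...), llc = wh + 1. */
static int ether_type_via_mtod(struct mbuf *m)
{
    struct ieee80211_frame *wh = mtod(m, struct ieee80211_frame *);
    struct llc_snap *llc = (struct llc_snap *)(wh + 1);
    return (llc->ether_type[0] << 8) | llc->ether_type[1];
}

/* Constructed chain: 802.11 header alone in mbuf 1, LLC/SNAP + payload in mbuf 2. */
static struct mbuf *build_split_frame(void)
{
    static const uint8_t llc[8] = { 0xaa, 0xaa, 0x03, 0, 0, 0, 0x08, 0x00 };
    static const char payload[] = "constructed payload";
    struct mbuf *m1 = calloc(1, sizeof *m1), *m2 = calloc(1, sizeof *m2);
    if (m1 == NULL || m2 == NULL) { free(m1); free(m2); return NULL; }
    m1->m_data = m1->m_dat;
    m2->m_data = m2->m_dat;
    m1->m_data[0] = 0x08;                       /* data frame; rest stays zero */
    m1->m_len = (int)sizeof(struct ieee80211_frame);
    memcpy(m2->m_data, llc, sizeof llc);
    memcpy(m2->m_data + sizeof llc, payload, sizeof payload);
    m2->m_len = (int)(sizeof llc + sizeof payload);
    m1->m_next = m2;
    return m1;
}

/* Both cases on the split chain: -1 if the headers were already contiguous
 * before m_pullup() or the pullup failed, else the ether_type read via mtod(). */
static int split_frame_ether_type(void)
{
    struct mbuf *m = build_split_frame();
    int et;
    if (m == NULL || hdrs_contiguous(m))
        return -1;
    if ((m = m_pullup(m, HDRS_LEN)) == NULL || !hdrs_contiguous(m))
        return -1;
    et = ether_type_via_mtod(m);
    m_freem(m);
    return et;
}

int main(void) { return split_frame_ether_type() == 0x0800 ? 0 : 1; }
```

Before the pullup, hdrs_contiguous() is false for this chain because only 24 of the 32 header bytes are in the first mbuf, which is exactly the situation in which the quoted llc->llc_snap.ether_type read walks off the end of the first mbuf's valid data. Whether that is what produced the panic seen at the marked line is a question for the driver authors; the model only shows the contract the calls in wi_start() rely on.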