Subject: mtod abuse?
To: None <tech-net@netbsd.org>
From: Pavel Cahyna <pcah8322@artax.karlin.mff.cuni.cz>
List: tech-net
Date: 08/07/2004 18:04:28
Hello,
is it correct to call mtod() without calling m_pullup() before dereferencing
the pointer obtained? I would think that it isn't. Such calls do occur in
wi.c, function wi_start(), however. e.g.
--- cut here ---
IF_DEQUEUE(&ic->ic_pwrsaveq, m0);
wh = mtod(m0, struct ieee80211_frame *);
llc = (struct llc *) (wh + 1);
m_copydata(m0, 4, ETHER_ADDR_LEN * 2,
(caddr_t)&frmhdr.wi_ehdr);
---> frmhdr.wi_ehdr.ether_type = llc->llc_snap.ether_type;
--- cut here ---
or
--- cut here ---
IF_DEQUEUE(&ic->ic_mgtq, m0);
m_copydata(m0, 4, ETHER_ADDR_LEN * 2,
(caddr_t)&frmhdr.wi_ehdr);
frmhdr.wi_ehdr.ether_type = 0;
wh = mtod(m0, struct ieee80211_frame *);
--- cut here ---
The arrow marks the point where I just saw a panic. Could this be the cause?
(Cc:-ing developers who are known to work on the wi driver, if you find it
inappropriate, feel free to protest loudly.)
Thanks Pavel