Consider the following code fragment that lives outside the current "tun"
module:
ill_t *v4;
tun_t *tun;
/* Coming soon to a code preview near you... */
ipsec_tun_pol_t *itp;
v4 = ill_lookup_on_name(tname, B_FALSE, B_FALSE, NULL,
NULL, NULL, &errno, NULL);
if (v4 != NULL) {
if (!(v4->ill_flags & ILL_CONDEMNED)) {
------- YIKE! ----> tun =
(tun_t *)v4->ill_wq->q_next->q_ptr;
mutex_enter(&tun->tun_lock);
ASSERT(tun->tun_itp == NULL);
ITP_REFHOLD(itp);
tun->tun_itp = itp;
mutex_exit(&tun->tun_lock);
}
ill_refrele(v4);
}
Don't worry about itp and tun. Worry about the line with "YIKE!" pointing at
it. The comments in ip.h suggest I can get away with what I just said,
because ill_wq is write-once, and the ill's queue is good so long as it's not
condemned.
Please confirm or deny the safety of the fragment I just displayed.
Thanks!
Dan
_______________________________________________
networking-discuss mailing list
[email protected]
