RE: RFC: bsd_tcp patch on in.c

[Bernd Edlinger <bernd.edlinger@hotmail.de>]

Hi Jürgen,


> The patch below we already use since 2006.
> We had problems with the TCP/IP stack directly after booting because it
> already received packets before being initialized completely.
> Here our CVS log:
>
> move
> splx(s);
> from line 682 to line 739
> so that tcp/ip stack has started up before the ethernet driver is released
> (else the not-ready stack will already receive packets)
>
> Do you agree this is a valid patch?

that is hard to tell - probably it is not necessary to lock anything here,
especially because the in_control() does many things
with the  in_ifaddrhead list, without any lock. It just locks when it
adds/removes entries from that list, which is really the bare minimum.


I had similar problems however: an ICMP packet arriving while there
was zero interface addresses registered. => NULL pointer access in sys/netinet/ip_icmp.c
see the hunk at ip_icmp.c, lines 651-656. This means that the packet may
arrive well before in_ifinit is called. Even before line 293 of in.c enters the address to the list:
this place is locked with splnet however.


That null pointer access became only apparent after I changed the MMU to exclude page zero,
because usually the arm processor would silently allow read accesses to the ISR table.


See my patch at  http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001649 for details
on  "MMU: added Access Protection against NULL-Pointer accesses".
Before I had invented that patch it was really hard to find such hideous bugs.


Regards
Bernd Edlinger