diff --git a/sys/netinet/sctp_asconf.c b/sys/netinet/sctp_asconf.c
index 76c60ab73e9e..461637c0767f 100644
--- a/sys/netinet/sctp_asconf.c
+++ b/sys/netinet/sctp_asconf.c
@@ -1991,9 +1991,6 @@ sctp_find_valid_localaddr_ep(struct sctp_tcb *stcb)
 struct sctp_laddr *laddr;
 LIST_FOREACH(laddr, &stcb->sctp_ep->sctp_addr_list, sctp_nxt_addr) {
- if (laddr->ifa == NULL) {
- continue;
- }
 if (laddr->ifa == NULL) {
 continue;
 }
diff --git a/sys/netinet/sctp_indata.c b/sys/netinet/sctp_indata.c
index 27bdfd2c54f5..30aa980ed7a8 100644
--- a/sys/netinet/sctp_indata.c
+++ b/sys/netinet/sctp_indata.c
@@ -3474,6 +3474,7 @@ sctp_strike_gap_ack_chunks(struct sctp_tcb *stcb, struct sctp_association *asoc,
 * use the CMT version of
 * find_alt_net()
 */
+ /* sa_ignore NO_NULL_CHK */
 alt = sctp_find_alternate_net(stcb, alt, 1);
 }
 if (alt == NULL) {
diff --git a/sys/netinet/sctp_input.c b/sys/netinet/sctp_input.c
index 0bf48bc676b2..c426cd6e1870 100644
--- a/sys/netinet/sctp_input.c
+++ b/sys/netinet/sctp_input.c
@@ -186,8 +186,8 @@ sctp_is_there_unsent_data(struct sctp_tcb *stcb)
 if (!TAILQ_EMPTY(&asoc->out_wheel)) {
 /* Check to see if some data queued */
 TAILQ_FOREACH(strq, &asoc->out_wheel, next_spoke) {
- /* sa_ignore FREED_MEMORY */
 is_there_another:
+ /* sa_ignore FREED_MEMORY */
 sp = TAILQ_FIRST(&strq->outqueue);
 if (sp == NULL) {
 continue;
@@ -1620,8 +1620,17 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset,
 * now that we know the INIT/INIT-ACK are in place, create a new TCB
 * and popluate
 */
+
+ /*
+ * Here we do a trick, we set in NULL for the proc/thread argument.
+ * We do this since in effect we only use the p argument when the
+ * socket is unbound and we must do an implicit bind. Since we are
+ * getting a cookie, we cannot be unbound.
+ */
 stcb = sctp_aloc_assoc(inp, init_src, 0, &error,
- ntohl(initack_cp->init.initiate_tag), vrf_id);
+ ntohl(initack_cp->init.initiate_tag), vrf_id,
+ (struct thread *)NULL
+ );
 if (stcb == NULL) {
 struct mbuf *op_err;
@@ -4601,6 +4610,7 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset,
 vrf_id);
 SCTP_TCB_UNLOCK(stcb);
 goto out_now;
+ /* sa_ignore NOTREACHED */
 break;
 case SCTP_STATE_EMPTY: /* should not happen */
 case SCTP_STATE_INUSE: /* should not happen */
@@ -4609,6 +4619,7 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset,
 default:
 SCTP_TCB_UNLOCK(stcb);
 goto out_now;
+ /* sa_ignore NOTREACHED */
 break;
 case SCTP_STATE_OPEN:
 case SCTP_STATE_SHUTDOWN_SENT:
diff --git a/sys/netinet/sctp_os_bsd.h b/sys/netinet/sctp_os_bsd.h
index 1c2ad7dfae8f..a6cdbf6ce672 100644
--- a/sys/netinet/sctp_os_bsd.h
+++ b/sys/netinet/sctp_os_bsd.h
@@ -49,7 +49,6 @@ __FBSDID("$FreeBSD$");
 #include
 #include
 #include
-#include
 #include
 #include
 #include
diff --git a/sys/netinet/sctp_output.c b/sys/netinet/sctp_output.c
index 4ebeae6bbe99..a46c78263fe7 100644
--- a/sys/netinet/sctp_output.c
+++ b/sys/netinet/sctp_output.c
@@ -10965,7 +10965,9 @@ sctp_lower_sosend(struct socket *so,
 }
 /* get an asoc/stcb struct */
 vrf_id = inp->def_vrf_id;
- stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id);
+ stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id,
+ p
+ );
 if (stcb == NULL) {
 /* Error is setup for us in the call */
 goto out_unlocked;
diff --git a/sys/netinet/sctp_pcb.c b/sys/netinet/sctp_pcb.c
index 2ffc0fa6fad0..00960473a724 100644
--- a/sys/netinet/sctp_pcb.c
+++ b/sys/netinet/sctp_pcb.c
@@ -2154,7 +2154,11 @@ sctp_inpcb_bind(struct socket *so, struct sockaddr *addr,
 /* already did a bind, subsequent binds NOT allowed ! */
 return (EINVAL);
 }
- if (jailed(p->td_ucred)) {
+#ifdef INVARIANTS
+ if (p == NULL)
+ panic("null proc/thread");
+#endif
+ if (p && jailed(p->td_ucred)) {
 prison = 1;
 }
 if (addr != NULL) {
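Review bot: In the sctp_inpcb_bind hunk the NULL-thread case fails open on kernels built without INVARIANTS: the panic is compiled out, and `if (p && jailed(p->td_ucred))` then skips setting `prison`, so a bind reached with `p == NULL` is handled as if the caller were not jailed. The only caller in this diff that passes NULL is the cookie path in sctp_input.c, whose comment argues the endpoint cannot be unbound, but nothing on the production path enforces that assumption. Failing closed would be safer, for example `if (p == NULL) return (EINVAL);` ahead of the jail test, provided no lock taken earlier in the function needs releasing at that point; the function body starts and ends outside the hunk, so that needs checking against the full source.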
@@ -3312,8 +3316,12 @@ sctp_add_remote_addr(struct sctp_tcb *stcb, struct sockaddr *newaddr,
 */
 struct sctp_tcb *
 sctp_aloc_assoc(struct sctp_inpcb *inp, struct sockaddr *firstaddr,
- int for_a_init, int *error, uint32_t override_tag, uint32_t vrf_id)
+ int for_a_init, int *error, uint32_t override_tag, uint32_t vrf_id,
+ struct thread *p
+)
 {
+ /* note the p argument is only valid in unbound sockets */
+
 struct sctp_tcb *stcb;
 struct sctp_association *asoc;
 struct sctpasochead *head;
@@ -3393,7 +3401,7 @@ sctp_aloc_assoc(struct sctp_inpcb *inp, struct sockaddr *firstaddr,
 */
 if ((err = sctp_inpcb_bind(inp->sctp_socket,
 (struct sockaddr *)NULL,
- (struct thread *)NULL
+ p
 ))) {
 /* bind error, probably perm */
 *error = err;
@@ -4920,7 +4928,9 @@ sctp_load_addresses_from_init(struct sctp_tcb *stcb, struct mbuf *m,
 * strange, address is in another
 * assoc? straighten out locks.
 */
- SCTP_TCB_UNLOCK(stcb_tmp);
+ if (stcb_tmp)
+ SCTP_TCB_UNLOCK(stcb_tmp);
+
 if (stcb->asoc.state == 0) {
 /* the assoc was freed? */
 return (-12);
@@ -4995,7 +5005,9 @@ sctp_load_addresses_from_init(struct sctp_tcb *stcb, struct mbuf *m,
 * strange, address is in another
 * assoc? straighten out locks.
 */
- SCTP_TCB_UNLOCK(stcb_tmp);
+ if (stcb_tmp)
+ SCTP_TCB_UNLOCK(stcb_tmp);
+
 if (stcb->asoc.state == 0) {
 /* the assoc was freed? */
 return (-21);
diff --git a/sys/netinet/sctp_pcb.h b/sys/netinet/sctp_pcb.h
index 85ec67d551ee..db0fcd81bcc6 100644
--- a/sys/netinet/sctp_pcb.h
+++ b/sys/netinet/sctp_pcb.h
@@ -510,7 +510,7 @@ void sctp_inpcb_free(struct sctp_inpcb *, int, int);
 struct sctp_tcb *
 sctp_aloc_assoc(struct sctp_inpcb *, struct sockaddr *,
- int, int *, uint32_t, uint32_t);
+ int, int *, uint32_t, uint32_t, struct thread *);
 int sctp_free_assoc(struct sctp_inpcb *, struct sctp_tcb *, int, int);
diff --git a/sys/netinet/sctp_usrreq.c b/sys/netinet/sctp_usrreq.c
index 90bfa6c8ef59..192ea437ce69 100644
--- a/sys/netinet/sctp_usrreq.c
+++ b/sys/netinet/sctp_usrreq.c
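Review bot: The comment added at the top of sctp_aloc_assoc, `/* note the p argument is only valid in unbound sockets */`, reads as if p must not be supplied for a bound socket, whereas the callers in this diff pass it unconditionally and the cookie path passes NULL. The contract belongs in the function's header comment, worded along the lines of `p is consulted only when inp is unbound and an implicit bind is needed; a caller may pass NULL only if inp is already bound`. Stating the NULL rule explicitly matters because the value is forwarded to sctp_inpcb_bind in the hunk at -3393, where it feeds the jail check.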
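Review bot: The new guard `if (stcb_tmp)` in sctp_load_addresses_from_init wraps the SCTP_TCB_UNLOCK macro without braces, and the same two lines are repeated in the hunk at -4995. An unbraced body is only safe if the macro expands to a single statement, which is not visible here, and the neighbouring context lines brace their conditionals; `if (stcb_tmp != NULL) { SCTP_TCB_UNLOCK(stcb_tmp); }` removes that dependency. The comment above still says the address is in another assoc, so it would also help to record when stcb_tmp can be NULL on this path, since the lookup that sets it lies outside both hunks.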
@@ -1354,7 +1354,9 @@ sctp_do_connect_x(struct socket *so, struct sctp_inpcb *inp, void *optval,
 vrf_id = inp->def_vrf_id;
 /* We are GOOD to go */
- stcb = sctp_aloc_assoc(inp, sa, 1, &error, 0, vrf_id);
+ stcb = sctp_aloc_assoc(inp, sa, 1, &error, 0, vrf_id,
+ (struct thread *)p
+ );
 if (stcb == NULL) {
 /* Gak! no memory */
 goto out_now;
@@ -3631,7 +3633,7 @@ sctp_setopt(struct socket *so, int optname, void *optval, size_t optsize,
 case SCTP_BINDX_ADD_ADDR:
 {
 struct sctp_getaddresses *addrs;
- int sz;
+ size_t sz;
 struct thread *td;
 int prison = 0;
@@ -3666,7 +3668,7 @@ sctp_setopt(struct socket *so, int optname, void *optval, size_t optsize,
 case SCTP_BINDX_REM_ADDR:
 {
 struct sctp_getaddresses *addrs;
- int sz;
+ size_t sz;
 struct thread *td;
 int prison = 0;
@@ -3844,7 +3846,7 @@ sctp_connect(struct socket *so, struct sockaddr *addr, struct thread *p)
 }
 vrf_id = inp->def_vrf_id;
 /* We are GOOD to go */
- stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id);
+ stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id, p);
 if (stcb == NULL) {
 /* Gak! no memory */
 goto out_now;
diff --git a/sys/netinet6/sctp6_usrreq.c b/sys/netinet6/sctp6_usrreq.c
index fd8db0f9baf0..ca72838dd5bf 100644
--- a/sys/netinet6/sctp6_usrreq.c
+++ b/sys/netinet6/sctp6_usrreq.c
@@ -1034,7 +1034,7 @@ sctp6_connect(struct socket *so, struct sockaddr *addr, struct thread *p)
 return (EALREADY);
 }
 /* We are GOOD to go */
- stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id);
+ stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id, p);
 SCTP_ASOC_CREATE_UNLOCK(inp);
 if (stcb == NULL) {
 /* Gak! no memory */
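Review bot: The cast in `(struct thread *)p` at the sctp_do_connect_x call hides the declared type of p from the compiler; the parameter list is cut off in the hunk header, so that type is not visible here. If p is already `struct thread *` the cast is noise, and if it is `void *` the conversion is implicit in C, so either way `stcb = sctp_aloc_assoc(inp, sa, 1, &error, 0, vrf_id, p);` matches the sctp_connect and sctp6_connect call sites and lets a wrong pointer type produce a diagnostic. Since sctp_aloc_assoc forwards this value to the implicit bind, a short comment on whether p can be NULL on the connectx path would also be worth adding.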