> On 15 Mar 2022, at 00:45, Alexandr Nedvedicky 
> <alexandr.nedvedi...@oracle.com> wrote:
> 
> Hello,
> 
> On Tue, Mar 15, 2022 at 12:37:00AM +0300, Vitaliy Makkoveev wrote:
>> Hi,
>> 
>> Why do you want to initialize the `ipa’ variable in 
>> ipsp_pending_acquire() and ipsec_get_acquire()? This isn’t
>> required.
> 
>    after looking at code with bluhm's diff applied I see this:
> 
> struct ipsec_acquire *
> ipsec_get_acquire(u_int32_t seq)
> {
>         struct ipsec_acquire *ipa;
> 
>         NET_ASSERT_LOCKED();
> 
>         mtx_enter(&ipsec_acquire_mtx);
>         TAILQ_FOREACH(ipa, &ipsec_acquire_head, ipa_next) {
>                 if (ipa->ipa_seq == seq) {
>                         refcnt_take(&ipa->ipa_refcnt);
>                         break;
>                 }
>         }
>         mtx_leave(&ipsec_acquire_mtx);
> 
>         return ipa;
> }
> 
>    I think local var `ipa` needs to be initialized to NULL
>    to avoid random value/pointer when no `ipa` for given `seq`
>    is found.
> 
>    ipsp_pending_acquire() plays the same gamble.

#define TAILQ_FOREACH(var, head, field)               \
        for((var) = TAILQ_FIRST(head);                \
            (var) != TAILQ_END(head);                 \
            (var) = TAILQ_NEXT(var, field))

TAILQ_END() is defined as NULL. So it will be NULL when the
whole `ipsec_acquire_head’ was processed but `ipa’ was
not found.

Also the initial `ipa’ value will be overwritten within
the TAILQ_FOREACH() loop processing. In all cases.

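Added example, not part of the thread and not OpenBSD code: a user-space check of the lookup pattern discussed above, using the TAILQ_FOREACH definition quoted in the reply. The `struct acq` type, `acq_lookup()`, `acq_demo()` and the poison pointer are assumptions made for illustration; only the forward links of the queue are modelled, and the mutex is left out.

```c
#include <stddef.h>
#include <stdint.h>

/* Forward-link subset of <sys/queue.h>; TAILQ_FOREACH is the macro quoted above. */
#define TAILQ_FIRST(head)	((head)->tqh_first)
#define TAILQ_END(head)		NULL
#define TAILQ_NEXT(elm, field)	((elm)->field.tqe_next)
#define TAILQ_FOREACH(var, head, field)			\
	for ((var) = TAILQ_FIRST(head);			\
	    (var) != TAILQ_END(head);			\
	    (var) = TAILQ_NEXT(var, field))

/* Hypothetical stand-in for struct ipsec_acquire: only what the lookup touches. */
struct acq {
	uint32_t seq;
	unsigned int refcnt;
	struct { struct acq *tqe_next; } next;
};
struct acq_head { struct acq *tqh_first; };

/* Same shape as ipsec_get_acquire(); refcnt_take() is reduced to an increment. */
static struct acq *acq_lookup(struct acq_head *head, uint32_t seq)
{
	/* Constructed poison value standing in for stack garbage in `ipa`. */
	struct acq *ipa = (struct acq *)(uintptr_t)0xdeadbeef;
	TAILQ_FOREACH(ipa, head, next) {	/* init clause overwrites ipa first */
		if (ipa->seq == seq) {
			ipa->refcnt++;
			break;
		}
	}
	return ipa;	/* matching element, or NULL once the loop ran off the end */
}

/* Bit 0: empty list gives NULL; bit 1: miss gives NULL; bit 2: hit takes one ref. */
static int acq_demo(void)
{
	struct acq b = { .seq = 20 }, a = { .seq = 10, .next = { &b } };
	struct acq_head empty = { NULL }, head = { &a };
	int ok = 0;
	ok |= (acq_lookup(&empty, 10) == NULL) << 0;
	ok |= (acq_lookup(&head, 99) == NULL) << 1;
	ok |= (acq_lookup(&head, 20) == &b && b.refcnt == 1 && a.refcnt == 0) << 2;
	return ok;
}

int main(void) { return acq_demo() == 7 ? 0 : 1; }
```

The NULL-on-miss result holds only because the returned pointer is the loop variable itself; a lookup that copies the match into a separate result variable would still need that variable initialized.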