> On 15 Mar 2022, at 00:45, Alexandr Nedvedicky <alexandr.nedvedi...@oracle.com> wrote:
>
> Hello,
>
> On Tue, Mar 15, 2022 at 12:37:00AM +0300, Vitaliy Makkoveev wrote:
>> Hi,
>>
>> Why do you want to initialize `ipa' variable in
>> ipsp_pending_acquire() and ipsec_get_acquire()? This isn't
>> required.
>
> after looking at code with bluhm's diff applied I see this:
>
>     struct ipsec_acquire *
>     ipsec_get_acquire(u_int32_t seq)
>     {
>     	struct ipsec_acquire *ipa;
>
>     	NET_ASSERT_LOCKED();
>
>     	mtx_enter(&ipsec_acquire_mtx);
>     	TAILQ_FOREACH(ipa, &ipsec_acquire_head, ipa_next) {
>     		if (ipa->ipa_seq == seq) {
>     			refcnt_take(&ipa->ipa_refcnt);
>     			break;
>     		}
>     	}
>     	mtx_leave(&ipsec_acquire_mtx);
>
>     	return ipa;
>     }
>
> I think local var `ipa' needs to be initialized to NULL
> to avoid random value/pointer when no `ipa' for given `seq'
> is found.
>
> ipsp_pending_acquire() plays the same gamble.
    #define TAILQ_FOREACH(var, head, field)				\
    	for((var) = TAILQ_FIRST(head);					\
    	    (var) != TAILQ_END(head);					\
    	    (var) = TAILQ_NEXT(var, field))

TAILQ_END() is defined as NULL. So it will be NULL when the whole
`ipsec_acquire_head' was processed but `ipa' was not found. Also the
initial `ipa' value will be overwritten within the TAILQ_FOREACH()
loop processing. In all cases.
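The point of the exchange above is that the loop variable of TAILQ_FOREACH() is assigned on every path: the for-init sets it to TAILQ_FIRST(head) before the first test, so an uninitialised declaration is never read, and on fall-through it ends as TAILQ_END(head), i.e. NULL. The following is an added, stand-alone example (not code from the thread or from the OpenBSD tree) that reproduces the relevant TAILQ macros with OpenBSD's semantics so it builds without sys/queue.h, and models ipsec_get_acquire() with a deliberately uninitialised local over a list of hypothetical `struct acquire` entries. The struct layout, the `add_acquire()`/`acquire_count()` helpers and the seq values are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Local reproduction of the TAILQ macros with the OpenBSD sys/queue.h
 * semantics quoted in the thread (TAILQ_END() is NULL), so that the
 * example does not depend on the host's queue.h.
 */
#define TAILQ_HEAD(name, type)						\
struct name {								\
	struct type *tqh_first;						\
	struct type **tqh_last;						\
}
#define TAILQ_HEAD_INITIALIZER(head)	{ NULL, &(head).tqh_first }
#define TAILQ_ENTRY(type)						\
struct {								\
	struct type *tqe_next;						\
	struct type **tqe_prev;						\
}
#define TAILQ_FIRST(head)		((head)->tqh_first)
#define TAILQ_END(head)			NULL
#define TAILQ_NEXT(elm, field)		((elm)->field.tqe_next)
#define TAILQ_FOREACH(var, head, field)					\
	for((var) = TAILQ_FIRST(head);					\
	    (var) != TAILQ_END(head);					\
	    (var) = TAILQ_NEXT(var, field))
#define TAILQ_INSERT_TAIL(head, elm, field) do {			\
	(elm)->field.tqe_next = NULL;					\
	(elm)->field.tqe_prev = (head)->tqh_last;			\
	*(head)->tqh_last = (elm);					\
	(head)->tqh_last = &(elm)->field.tqe_next;			\
} while (0)

/* Hypothetical stand-in for struct ipsec_acquire (assumed layout). */
struct acquire {
	uint32_t		seq;
	int			refcnt;
	TAILQ_ENTRY(acquire)	next;
};

TAILQ_HEAD(acquire_head, acquire);
static struct acquire_head acquire_head = TAILQ_HEAD_INITIALIZER(acquire_head);

/*
 * Mirrors ipsec_get_acquire(): the local is left uninitialised on
 * purpose. TAILQ_FOREACH() assigns it before the first comparison, so
 * the only values it can hold on return are a list element (break
 * taken) or NULL (loop ran to TAILQ_END).
 */
struct acquire *
get_acquire(uint32_t seq)
{
	struct acquire *a;	/* deliberately not initialised */

	TAILQ_FOREACH(a, &acquire_head, next) {
		if (a->seq == seq) {
			a->refcnt++;	/* stands in for refcnt_take() */
			break;
		}
	}
	return a;		/* NULL when seq was not found */
}

/* Appends a constructed entry with the given seq and one reference. */
void
add_acquire(uint32_t seq)
{
	struct acquire *a = calloc(1, sizeof(*a));

	if (a == NULL)
		abort();
	a->seq = seq;
	a->refcnt = 1;
	TAILQ_INSERT_TAIL(&acquire_head, a, next);
}

/* Walks the list; on an empty list the loop body never runs. */
size_t
acquire_count(void)
{
	struct acquire *a;
	size_t n = 0;

	TAILQ_FOREACH(a, &acquire_head, next)
		n++;
	return n;
}

int
main(void)
{
	struct acquire *hit;

	/* Empty list: for-init assigns TAILQ_FIRST() == NULL, nothing read. */
	printf("empty lookup -> %p\n", (void *)get_acquire(7));
	add_acquire(1);
	add_acquire(2);
	printf("entries: %zu\n", acquire_count());
	printf("miss -> %p\n", (void *)get_acquire(7));
	hit = get_acquire(2);
	printf("hit seq=%u refcnt=%d\n", hit->seq, hit->refcnt);
	return 0;
}
```

The empty-list case is the one worth checking by hand: the first thing the macro does is `a = TAILQ_FIRST(&acquire_head)`, which is NULL, the `!= TAILQ_END` test fails, and `a` is returned as NULL without its prior garbage ever being read. The same holds for ipsp_pending_acquire(), which walks the list with the same macro.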