Module Name: src Committed By: riastradh Date: Sat Jul 29 01:45:22 UTC 2017
Modified Files: src/sys/dev/ic: i82596.c Log Message: Null out sc_rx_mbuf[i] after m_freem to avoid double-free later. From Ilja Van Sprundel. Also null out sc_tx_mbuf[i] after m_freem, out of paranoia. XXX Not entirely clear how tx mbufs are freed, but no way to test this since it's ews4800mips- and hp700-only, so not keen to make any more elaborate changes... To generate a diff of this commit: cvs rdiff -u -r1.36 -r1.37 src/sys/dev/ic/i82596.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/dev/ic/i82596.c
diff -u src/sys/dev/ic/i82596.c:1.36 src/sys/dev/ic/i82596.c:1.37
--- src/sys/dev/ic/i82596.c:1.36 Mon Feb 20 07:43:29 2017
+++ src/sys/dev/ic/i82596.c Sat Jul 29 01:45:22 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: i82596.c,v 1.36 2017/02/20 07:43:29 ozaki-r Exp $ */
+/* $NetBSD: i82596.c,v 1.37 2017/07/29 01:45:22 riastradh Exp $ */
 /*
 * Copyright (c) 2003 Jochen Kunz.
@@ -43,7 +43,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: i82596.c,v 1.36 2017/02/20 07:43:29 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: i82596.c,v 1.37 2017/07/29 01:45:22 riastradh Exp $");
 /* autoconfig and device stuff */
 #include <sys/param.h>
@@ -753,6 +753,7 @@ iee_start(struct ifnet *ifp)
 printf("%s: iee_start: can't allocate mbuf\n",
 device_xname(sc->sc_dev));
 m_freem(sc->sc_tx_mbuf[t]);
+ sc->sc_tx_mbuf[t] = NULL;
 t--;
 continue;
 }
@@ -762,6 +763,7 @@ iee_start(struct ifnet *ifp)
 printf("%s: iee_start: can't allocate mbuf "
 "cluster\n", device_xname(sc->sc_dev));
 m_freem(sc->sc_tx_mbuf[t]);
+ sc->sc_tx_mbuf[t] = NULL;
 m_freem(m);
 t--;
 continue;
@@ -777,6 +779,7 @@ iee_start(struct ifnet *ifp)
 printf("%s: iee_start: can't load TX DMA map\n",
 device_xname(sc->sc_dev));
 m_freem(sc->sc_tx_mbuf[t]);
+ sc->sc_tx_mbuf[t] = NULL;
 t--;
 continue;
 }
@@ -926,6 +929,7 @@ iee_init(struct ifnet *ifp)
 printf("%s: iee_init: can't allocate mbuf"
 " cluster\n", device_xname(sc->sc_dev));
 m_freem(sc->sc_rx_mbuf[r]);
+ sc->sc_rx_mbuf[r] = NULL;
 err = 1;
 break;
 }
@@ -939,6 +943,7 @@ iee_init(struct ifnet *ifp)
 printf("%s: iee_init: can't create RX "
 "DMA map\n", device_xname(sc->sc_dev));
 m_freem(sc->sc_rx_mbuf[r]);
+ sc->sc_rx_mbuf[r] = NULL;
 err = 1;
 break;
 }
@@ -948,6 +953,7 @@ iee_init(struct ifnet *ifp)
 device_xname(sc->sc_dev));
 bus_dmamap_destroy(sc->sc_dmat, sc->sc_rx_map[r]);
 m_freem(sc->sc_rx_mbuf[r]);
+ sc->sc_rx_mbuf[r] = NULL;
 err = 1;
 break;
 }
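Review bot: The three iee_start error paths (hunks at @@ -753, @@ -762 and @@ -777) now clear `sc->sc_tx_mbuf[t]` after `m_freem`, but nothing in the source records why, and the commit message itself flags tx mbuf ownership as unclear. I would carry that into the code with a comment on the first assignment, e.g. `/* XXX tx mbuf ownership unclear; clear the slot so a later free of sc_tx_mbuf[] cannot reach this mbuf again */`. The surrounding loop and whatever later releases sc_tx_mbuf[] lie outside these hunks, so whether a stale pointer was actually reachable cannot be confirmed from here.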
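Review bot: In the last iee_init hunk (@@ -948), `bus_dmamap_destroy(sc->sc_dmat, sc->sc_rx_map[r]);` leaves `sc->sc_rx_map[r]` holding the destroyed handle, which is the same stale-reference pattern this commit removes for the mbuf pointer. If the teardown path (not visible in this diff) destroys every non-NULL rx map, slot r could be destroyed twice; adding `sc->sc_rx_map[r] = NULL;` right after the destroy would keep the two arrays consistent. The hunk at @@ -939 deserves the same check, since it is not clear from here what sc_rx_map[r] holds after a failed create. iee_init begins and ends outside these hunks.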