Author: jhb
Date: Fri Jan 27 23:03:28 2017
New Revision: 312904
URL: https://svnweb.freebsd.org/changeset/base/312904

Log:
  Don't drop a reference to the TOE PCB in undo_offload_socket().
  
  undo_offload_socket() is only called by t4_connect() during a connection
  setup failure, but t4_connect() still owns the TOE PCB and frees it
  after undo_offload_socket() returns.  Releasing a reference in
  undo_offload_socket() resulted in a double-free which panicked when
  t4_connect() performed the second free.  The reference release was
  added to undo_offload_socket() incorrectly in r299210.
  
  MFC after:    1 week
  Sponsored by: Chelsio Communications

Modified:
  head/sys/dev/cxgbe/tom/t4_tom.c

Modified: head/sys/dev/cxgbe/tom/t4_tom.c
==============================================================================
--- head/sys/dev/cxgbe/tom/t4_tom.c     Fri Jan 27 22:30:27 2017        
(r312903)
+++ head/sys/dev/cxgbe/tom/t4_tom.c     Fri Jan 27 23:03:28 2017        
(r312904)
@@ -273,8 +273,6 @@ undo_offload_socket(struct socket *so)
        mtx_lock(&td->toep_list_lock);
        TAILQ_REMOVE(&td->toep_list, toep, link);
        mtx_unlock(&td->toep_list_lock);
-
-       free_toepcb(toep);
 }
 
 static void
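
Review bot: with the free_toepcb(toep) call removed from the end of undo_offload_socket(), nothing in the function says who holds the reference to toep once the TAILQ_REMOVE under toep_list_lock is done. Per the log, t4_connect() still owns the TOE PCB and frees it. A short comment above undo_offload_socket() stating that the caller keeps its reference and is responsible for the free would help keep a later change from reintroducing the release here.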