svn commit: r331825 - head/sys/dev/mlx5/mlx5_core

[Hans Petter Selasky]

Author: hselasky
Date: Fri Mar 30 19:50:45 2018
New Revision: 331825
URL: https://svnweb.freebsd.org/changeset/base/331825

Log:
  Fix for use after free in mlx5core.
  
  Make sure the command completion handler is not called when the device is
  in internal error state. This can easily trigger use after free situations.
  
  MFC after:    3 days
  Sponsored by: Mellanox Technologies

Modified:
  head/sys/dev/mlx5/mlx5_core/mlx5_eq.c

Modified: head/sys/dev/mlx5/mlx5_core/mlx5_eq.c
==============================================================================
--- head/sys/dev/mlx5/mlx5_core/mlx5_eq.c       Fri Mar 30 19:49:35 2018        
(r331824)
+++ head/sys/dev/mlx5/mlx5_core/mlx5_eq.c       Fri Mar 30 19:50:45 2018        
(r331825)
@@ -254,7 +254,8 @@ static int mlx5_eq_int(struct mlx5_core_dev *dev, stru
                        break;
 
                case MLX5_EVENT_TYPE_CMD:
-                       mlx5_cmd_comp_handler(dev, 
be32_to_cpu(eqe->data.cmd.vector));
+                       if (dev->state != MLX5_DEVICE_STATE_INTERNAL_ERROR)
+                               mlx5_cmd_comp_handler(dev, 
be32_to_cpu(eqe->data.cmd.vector));
                        break;
 
                case MLX5_EVENT_TYPE_PORT_CHANGE:
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"