svn commit: r301855 - stable/10/sys/dev/hyperv/storvsc

Sun, 12 Jun 2016 22:14:48 -0700 

Author: sephe
Date: Mon Jun 13 05:13:52 2016
New Revision: 301855
URL: https://svnweb.freebsd.org/changeset/base/301855

Log:
  MFC 295295
  
      hyperv/stor: Fix the NULL pointer dereference
  
      Reported by:        Netapp
      Submitted by:       Hongjiang Zhang <honzhan microsoft com>
      Reviewed by:        adrian, sephe, Dexuan Cui <decui microsoft com>
      Approved by:        adrian (mentor)
      MFC after:  1 week
      Sponsored by:       Microsoft OSTC
      Differential Revision:      https://reviews.freebsd.org/D5097

Modified:
  stable/10/sys/dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sys/dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c
==============================================================================
--- stable/10/sys/dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c   Mon Jun 13 
05:06:07 2016        (r301854)
+++ stable/10/sys/dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c   Mon Jun 13 
05:13:52 2016        (r301855)
@@ -1561,13 +1561,12 @@ static void
 storvsc_destroy_bounce_buffer(struct sglist *sgl)
 {
        struct hv_sgl_node *sgl_node = NULL;
-
-       sgl_node = LIST_FIRST(&g_hv_sgl_page_pool.in_use_sgl_list);
-       LIST_REMOVE(sgl_node, link);
-       if (NULL == sgl_node) {
+       if (LIST_EMPTY(&g_hv_sgl_page_pool.in_use_sgl_list)) {
                printf("storvsc error: not enough in use sgl\n");
                return;
        }
+       sgl_node = LIST_FIRST(&g_hv_sgl_page_pool.in_use_sgl_list);
+       LIST_REMOVE(sgl_node, link);
        sgl_node->sgl_data = sgl;
        LIST_INSERT_HEAD(&g_hv_sgl_page_pool.free_sgl_list, sgl_node, link);
 }
@@ -1593,12 +1592,12 @@ storvsc_create_bounce_buffer(uint16_t se
        struct hv_sgl_node *sgl_node = NULL;    
 
        /* get struct sglist from free_sgl_list */
-       sgl_node = LIST_FIRST(&g_hv_sgl_page_pool.free_sgl_list);
-       LIST_REMOVE(sgl_node, link);
-       if (NULL == sgl_node) {
+       if (LIST_EMPTY(&g_hv_sgl_page_pool.free_sgl_list)) {
                printf("storvsc error: not enough free sgl\n");
                return NULL;
        }
+       sgl_node = LIST_FIRST(&g_hv_sgl_page_pool.free_sgl_list);
+       LIST_REMOVE(sgl_node, link);
        bounce_sgl = sgl_node->sgl_data;
        LIST_INSERT_HEAD(&g_hv_sgl_page_pool.in_use_sgl_list, sgl_node, link);
 
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10
To unsubscribe, send any mail to "[email protected]"

Reply via email to