[Bug 197139] Double cleanup in igb_attach

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197139

            Bug ID: 197139
           Summary: Double cleanup in igb_attach
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: i386
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: rupavath at juniper.net

igb_attach has this code 

err_late:
        igb_detach(dev);
        igb_free_transmit_structures(adapter);
        igb_free_receive_structures(adapter);
        igb_release_hw_control(adapter);
err_pci:
        igb_free_pci_resources(adapter);
        if (adapter->ifp != NULL)
                if_free(adapter->ifp);
        free(adapter->mta, M_DEVBUF);
        IGB_CORE_LOCK_DESTROY(adapter);

        return (error);

However, I see that igb_detach does all this cleanup when it's successfully
completed. Only exception I see is that it return EBUSY if vlantrunk is in use
        /* Make sure VLANS are not using driver */
        if (if_vlantrunkinuse(ifp)) {
                device_printf(dev,"Vlan in use, detach first\n");
                return (EBUSY);
        }

This results in duplicate cleanup in igb_attach and can cause crashes. 
The fix would be the following. 
Index: if_igb.c
===================================================================
--- if_igb.c    (revision 298053)
+++ if_igb.c    (working copy)
@@ -723,7 +723,8 @@ igb_attach(device_t dev)
     return (0);

 err_late:
-    igb_detach(dev);
+    if(igb_detach(dev) == 0) /* igb_detach did the cleanup */
+        return(error); 
     igb_free_transmit_structures(adapter);
     igb_free_receive_structures(adapter);
     igb_release_hw_control(adapter);


The issue exists in stable/10 as well as current.

-- 
You are receiving this mail because:
You are the assignee for the bug.