svn commit: r350306 - head/sys/net
Eric Joyner
erj at FreeBSD.org
Wed Jul 24 21:43:42 UTC 2019
Author: erj
Date: Wed Jul 24 21:43:41 2019
New Revision: 350306
URL: https://svnweb.freebsd.org/changeset/base/350306
Log:
iflib: fix dangling device softc pointer
Commit text by Jake:
If a driver's IFDI_ATTACH_PRE function fails, the iflib_device_register
function will free the ctx pointer. However, it does not reset the
device softc pointer to NULL.
This will result in memory corruption as a future access to the now
invalid pointer will corrupt memory that is later allocated on top of
the same memory location.
The iflib_device_deregister function correctly resets the softc pointer
by using device_set_softc().
This clears up the invalid dangling pointer and prevents memory
corruption that could lead to a panic or undefined behavior if the
device's driver failed to attach.
Signed-off-by: Jacob Keller <jacob.e.keller at intel.com>
Submitted by: Jacob Keller <jacob.e.keller at intel.com>
Reviewed by: erj@, gallatin@
MFC after: 1 week
Sponsored by: Intel Corporation
Differential Revision: https://reviews.freebsd.org/D21003
Modified:
head/sys/net/iflib.c
Modified: head/sys/net/iflib.c
==============================================================================
--- head/sys/net/iflib.c Wed Jul 24 21:40:34 2019 (r350305)
+++ head/sys/net/iflib.c Wed Jul 24 21:43:41 2019 (r350306)
@@ -4785,6 +4785,7 @@ fail_queues:
fail_unlock:
CTX_UNLOCK(ctx);
fail_ctx_free:
+ device_set_softc(ctx->ifc_dev, NULL);
if (ctx->ifc_flags & IFC_SC_ALLOCATED)
free(ctx->ifc_softc, M_IFLIB);
free(ctx, M_IFLIB);
More information about the svn-src-all
mailing list