svn commit: r361528 - head/sys/dev/ena
Marcin Wojtas
mw at FreeBSD.org
Tue May 26 16:02:11 UTC 2020
Author: mw
Date: Tue May 26 16:02:10 2020
New Revision: 361528
URL: https://svnweb.freebsd.org/changeset/base/361528
Log:
Fix double-free bug within ena_detach()
There is ena_free_all_io_rings_resources() called twice on device
detach:
ena_detach():
ena_destroy_device():
/* First call */
ena_free_all_io_rings_resources()
/* Second call */
ena_free_all_io_rings_resources()
The double-free causes panic() on kldunload, for example.
As the ena_destroy_device() is also called by ena_reset_task() it is
better to stay unchanged. Thus, remove the "Second call" of the function.
Submitted by: Maciej Bielski <mba at semihalf.com>
Obtained from: Semihalf
Sponsored by: Amazon, Inc.
Modified:
head/sys/dev/ena/ena.c
Modified: head/sys/dev/ena/ena.c
==============================================================================
--- head/sys/dev/ena/ena.c Tue May 26 16:00:30 2020 (r361527)
+++ head/sys/dev/ena/ena.c Tue May 26 16:02:10 2020 (r361528)
@@ -3695,8 +3695,6 @@ ena_detach(device_t pdev)
netmap_detach(adapter->ifp);
#endif /* DEV_NETMAP */
- ena_free_all_io_rings_resources(adapter);
-
ena_free_counters((counter_u64_t *)&adapter->hw_stats,
sizeof(struct ena_hw_stats));
ena_free_counters((counter_u64_t *)&adapter->dev_stats,
More information about the svn-src-all
mailing list