Date: Wed, 2 Dec 2020 17:37:32 +0000 (UTC) From: Mitchell Horne <mhorne@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r368281 - head/sys/dev/e1000 Message-ID: <202012021737.0B2HbWJU027775@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mhorne Date: Wed Dec 2 17:37:32 2020 New Revision: 368281 URL: https://svnweb.freebsd.org/changeset/base/368281 Log: em: fix a null de-reference in em_free_pci_resources A failure in iflib_device_register() can result in em_free_pci_resources() being called after receive queues have already been freed. In particular, a failure to allocate IRQ resources will goto fail_queues, where IFDI_QUEUES_FREE() will be called via iflib_tx_structures_free(), preceding the call to IFDI_DETACH(). Cope with this by checking adapter->rx_queues before dereferencing it. A similar check is present in ixgbe(4) and ixl(4). MFC after: 1 week Sponsored by: NetApp, Inc. Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D27260 Modified: head/sys/dev/e1000/if_em.c Modified: head/sys/dev/e1000/if_em.c ============================================================================== --- head/sys/dev/e1000/if_em.c Wed Dec 2 17:22:29 2020 (r368280) +++ head/sys/dev/e1000/if_em.c Wed Dec 2 17:37:32 2020 (r368281) @@ -2234,8 +2234,10 @@ em_free_pci_resources(if_ctx_t ctx) if (adapter->intr_type == IFLIB_INTR_MSIX) iflib_irq_free(ctx, &adapter->irq); - for (int i = 0; i < adapter->rx_num_queues; i++, que++) { - iflib_irq_free(ctx, &que->que_irq); + if (que != NULL) { + for (int i = 0; i < adapter->rx_num_queues; i++, que++) { + iflib_irq_free(ctx, &que->que_irq); + } } if (adapter->memory != NULL) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202012021737.0B2HbWJU027775>