Date: Mon, 7 Sep 2015 23:16:40 +0000 (UTC) From: Adrian Chadd <adrian@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r287543 - head/sys/dev/netmap Message-ID: <201509072316.t87NGePE033913@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: adrian Date: Mon Sep 7 23:16:39 2015 New Revision: 287543 URL: https://svnweb.freebsd.org/changeset/base/287543 Log: Don't call enable_all_rings if the adapter has been freed. This is a subtle use-after-free race that results in some very undesirable hang behaviour. Reviewed by: pkelsey Obtained from: Kip Macy, NextBSD (https://github.com/NextBSD/NextBSD/commit/91a9bd1dbb33dafb41684d054e59d73976de9654) Modified: head/sys/dev/netmap/netmap.c Modified: head/sys/dev/netmap/netmap.c ============================================================================== --- head/sys/dev/netmap/netmap.c Mon Sep 7 21:59:11 2015 (r287542) +++ head/sys/dev/netmap/netmap.c Mon Sep 7 23:16:39 2015 (r287543) @@ -2841,10 +2841,12 @@ void netmap_detach(struct ifnet *ifp) { struct netmap_adapter *na = NA(ifp); + int skip; if (!na) return; + skip = 0; NMG_LOCK(); netmap_disable_all_rings(ifp); na->ifp = NULL; @@ -2856,10 +2858,11 @@ netmap_detach(struct ifnet *ifp) * the driver is gone. */ if (na->na_flags & NAF_NATIVE) { - netmap_adapter_put(na); + skip = netmap_adapter_put(na); } /* give them a chance to notice */ - netmap_enable_all_rings(ifp); + if (skip == 0) + netmap_enable_all_rings(ifp); NMG_UNLOCK(); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201509072316.t87NGePE033913>