Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 3 May 2023 00:29:44 GMT
From:      John Baldwin <jhb@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 256b5d40e550 - stable/13 - mrsas: Don't leak a stack pointer value in the softc.
Message-ID:  <202305030029.3430Ti2e072086@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=256b5d40e5502323dddffd5a8db2ab431e9eea61

commit 256b5d40e5502323dddffd5a8db2ab431e9eea61
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2022-12-21 18:45:26 +0000
Commit:     John Baldwin <jhb@FreeBSD.org>
CommitDate: 2023-05-03 00:12:37 +0000

    mrsas: Don't leak a stack pointer value in the softc.
    
    mrsas_issue_blocked_cmd stores a pointer to an on-stack variable
    in its softc so that the driver can call wakeup() on the correct
    pointer.  Once the loop around tsleep() has finished however, the
    pointer is no longer needed and any further use would be invalid.
    Clear sc->chan to NULL after the loop.
    
    Reported by:    GCC -Wdangling-pointer
    Differential Revision:  https://reviews.freebsd.org/D37628
    
    (cherry picked from commit 9f0c0e6eede6aedb60e12888fc9751c40b364dc9)
---
 sys/dev/mrsas/mrsas.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sys/dev/mrsas/mrsas.c b/sys/dev/mrsas/mrsas.c
index 73c2ae2b0e2b..669147a89bcb 100644
--- a/sys/dev/mrsas/mrsas.c
+++ b/sys/dev/mrsas/mrsas.c
@@ -4012,6 +4012,7 @@ mrsas_issue_blocked_cmd(struct mrsas_softc *sc, struct mrsas_mfi_cmd *cmd)
 			}
 		}
 	}
+	sc->chan = NULL;
 
 	if (cmd->cmd_status == 0xFF) {
 		device_printf(sc->mrsas_dev, "DCMD timed out after %d "



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202305030029.3430Ti2e072086>