Date: Wed, 24 Jul 2019 21:43:41 +0000 (UTC) From: Eric Joyner <erj@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r350306 - head/sys/net Message-ID: <201907242143.x6OLhfWI092079@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: erj Date: Wed Jul 24 21:43:41 2019 New Revision: 350306 URL: https://svnweb.freebsd.org/changeset/base/350306 Log: iflib: fix dangling device softc pointer Commit text by Jake: If a driver's IFDI_ATTACH_PRE function fails, the iflib_device_register function will free the ctx pointer. However, it does not reset the device softc pointer to NULL. This will result in memory corruption as a future access to the now invalid pointer will corrupt memory that is later allocated on top of the same memory location. The iflib_device_deregister function correctly resets the softc pointer by using device_set_softc(). This clears up the invalid dangling pointer and prevents memory corruption that could lead to a panic or undefined behavior if the device's driver failed to attach. Signed-off-by: Jacob Keller <jacob.e.keller@intel.com> Submitted by: Jacob Keller <jacob.e.keller@intel.com> Reviewed by: erj@, gallatin@ MFC after: 1 week Sponsored by: Intel Corporation Differential Revision: https://reviews.freebsd.org/D21003 Modified: head/sys/net/iflib.c Modified: head/sys/net/iflib.c ============================================================================== --- head/sys/net/iflib.c Wed Jul 24 21:40:34 2019 (r350305) +++ head/sys/net/iflib.c Wed Jul 24 21:43:41 2019 (r350306) @@ -4785,6 +4785,7 @@ fail_queues: fail_unlock: CTX_UNLOCK(ctx); fail_ctx_free: + device_set_softc(ctx->ifc_dev, NULL); if (ctx->ifc_flags & IFC_SC_ALLOCATED) free(ctx->ifc_softc, M_IFLIB); free(ctx, M_IFLIB);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201907242143.x6OLhfWI092079>