Date: Tue, 7 Feb 2017 15:13:19 +0000 (UTC) From: Ryan Stone <rstone@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r313388 - in stable/11/sys: dev/ixgbe net Message-ID: <201702071513.v17FDJA6026173@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rstone Date: Tue Feb 7 15:13:19 2017 New Revision: 313388 URL: https://svnweb.freebsd.org/changeset/base/313388 Log: MFC r312544 Fix reference to free memory in ixgbe/if_media.c When ixgbe receives an interrupt indicating that a new optical module may have been inserted, it discards all of its current media types by calling ifmedia_removeall() and then creates a new set of media types for the supported media on the new module. However, ifmedia_removeall() was maintaining a pointer to whatever the current media type was before the call to ifmedia_removealL(). The result of this was that any attempt to read the current media type of the interface (e.g. via ifconfig) would return potentially garbage data from free memory (or if one were particularly unlucky on an architecture that does not malloc() from a direct map, page fault the kernel). Fix this by NULL'ing out the current media field in if_media.c, and have ixgbe update the current media type after recreating them. Submitted by: Matt Joras <matt.joras AT gmail DOT com> Reviewed by: sbruno, erj MFC after: 1 week Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D9164 Modified: stable/11/sys/dev/ixgbe/if_ix.c stable/11/sys/net/if_media.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/dev/ixgbe/if_ix.c ============================================================================== --- stable/11/sys/dev/ixgbe/if_ix.c Tue Feb 7 15:12:27 2017 (r313387) +++ stable/11/sys/dev/ixgbe/if_ix.c Tue Feb 7 15:13:19 2017 (r313388) @@ -3878,6 +3878,7 @@ ixgbe_handle_msf(void *context, int pend /* Adjust media types shown in ifconfig */ ifmedia_removeall(&adapter->media); ixgbe_add_media_types(adapter); + ifmedia_set(&adapter->media, IFM_ETHER | IFM_AUTO); IXGBE_CORE_UNLOCK(adapter); return; } Modified: stable/11/sys/net/if_media.c ============================================================================== --- stable/11/sys/net/if_media.c Tue Feb 7 15:12:27 2017 (r313387) +++ stable/11/sys/net/if_media.c Tue Feb 7 15:13:19 2017 (r313388) @@ -107,6 +107,7 @@ ifmedia_removeall(ifm) LIST_REMOVE(entry, ifm_list); free(entry, M_IFADDR); } + ifm->ifm_cur = NULL; } /*
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201702071513.v17FDJA6026173>