Date: Tue, 27 Jan 2015 21:02:22 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 197139] Double cleanup in igb_attach Message-ID: <bug-197139-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197139 Bug ID: 197139 Summary: Double cleanup in igb_attach Product: Base System Version: 11.0-CURRENT Hardware: i386 OS: Any Status: New Severity: Affects Some People Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: rupavath@juniper.net igb_attach has this code err_late: igb_detach(dev); igb_free_transmit_structures(adapter); igb_free_receive_structures(adapter); igb_release_hw_control(adapter); err_pci: igb_free_pci_resources(adapter); if (adapter->ifp != NULL) if_free(adapter->ifp); free(adapter->mta, M_DEVBUF); IGB_CORE_LOCK_DESTROY(adapter); return (error); However, I see that igb_detach does all this cleanup when it's successfully completed. Only exception I see is that it return EBUSY if vlantrunk is in use /* Make sure VLANS are not using driver */ if (if_vlantrunkinuse(ifp)) { device_printf(dev,"Vlan in use, detach first\n"); return (EBUSY); } This results in duplicate cleanup in igb_attach and can cause crashes. The fix would be the following. Index: if_igb.c =================================================================== --- if_igb.c (revision 298053) +++ if_igb.c (working copy) @@ -723,7 +723,8 @@ igb_attach(device_t dev) return (0); err_late: - igb_detach(dev); + if(igb_detach(dev) == 0) /* igb_detach did the cleanup */ + return(error); igb_free_transmit_structures(adapter); igb_free_receive_structures(adapter); igb_release_hw_control(adapter); The issue exists in stable/10 as well as current. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-197139-8>