Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 5 Feb 2016 03:46:53 +0000 (UTC)
From:      Sepherosa Ziehau <sephe@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r295295 - head/sys/dev/hyperv/storvsc
Message-ID:  <201602050346.u153krZ9042417@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: sephe
Date: Fri Feb  5 03:46:53 2016
New Revision: 295295
URL: https://svnweb.freebsd.org/changeset/base/295295

Log:
  hyperv/stor: Fix the NULL pointer dereference
  
  Reported by:	Netapp
  Submitted by:	Hongjiang Zhang <honzhan microsoft com>
  Reviewed by:	adrian, sephe, Dexuan Cui <decui microsoft com>
  Approved by:	adrian (mentor)
  MFC after:	1 week
  Sponsored by:	Microsoft OSTC
  Differential Revision:	https://reviews.freebsd.org/D5097

Modified:
  head/sys/dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c

Modified: head/sys/dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c
==============================================================================
--- head/sys/dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c	Fri Feb  5 03:20:27 2016	(r295294)
+++ head/sys/dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c	Fri Feb  5 03:46:53 2016	(r295295)
@@ -1524,13 +1524,12 @@ static void
 storvsc_destroy_bounce_buffer(struct sglist *sgl)
 {
 	struct hv_sgl_node *sgl_node = NULL;
-
-	sgl_node = LIST_FIRST(&g_hv_sgl_page_pool.in_use_sgl_list);
-	LIST_REMOVE(sgl_node, link);
-	if (NULL == sgl_node) {
+	if (LIST_EMPTY(&g_hv_sgl_page_pool.in_use_sgl_list)) {
 		printf("storvsc error: not enough in use sgl\n");
 		return;
 	}
+	sgl_node = LIST_FIRST(&g_hv_sgl_page_pool.in_use_sgl_list);
+	LIST_REMOVE(sgl_node, link);
 	sgl_node->sgl_data = sgl;
 	LIST_INSERT_HEAD(&g_hv_sgl_page_pool.free_sgl_list, sgl_node, link);
 }
@@ -1556,12 +1555,12 @@ storvsc_create_bounce_buffer(uint16_t se
 	struct hv_sgl_node *sgl_node = NULL;	
 
 	/* get struct sglist from free_sgl_list */
-	sgl_node = LIST_FIRST(&g_hv_sgl_page_pool.free_sgl_list);
-	LIST_REMOVE(sgl_node, link);
-	if (NULL == sgl_node) {
+	if (LIST_EMPTY(&g_hv_sgl_page_pool.free_sgl_list)) {
 		printf("storvsc error: not enough free sgl\n");
 		return NULL;
 	}
+	sgl_node = LIST_FIRST(&g_hv_sgl_page_pool.free_sgl_list);
+	LIST_REMOVE(sgl_node, link);
 	bounce_sgl = sgl_node->sgl_data;
 	LIST_INSERT_HEAD(&g_hv_sgl_page_pool.in_use_sgl_list, sgl_node, link);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201602050346.u153krZ9042417>