Date: Thu, 12 Jan 2012 17:30:45 +0000 (UTC) From: Luigi Rizzo <luigi@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r230024 - head/sys/dev/e1000 Message-ID: <201201121730.q0CHUjCw019586@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: luigi Date: Thu Jan 12 17:30:44 2012 New Revision: 230024 URL: http://svn.freebsd.org/changeset/base/230024 Log: clear the pointer after freeing the mbuf. Without that, we risk a double free if the subsequent mbuf allocation fails. This bug is not netmap-related and was introduced in rev. 228387 Modified: head/sys/dev/e1000/if_em.c Modified: head/sys/dev/e1000/if_em.c ============================================================================== --- head/sys/dev/e1000/if_em.c Thu Jan 12 17:28:00 2012 (r230023) +++ head/sys/dev/e1000/if_em.c Thu Jan 12 17:30:44 2012 (r230024) @@ -4044,6 +4044,7 @@ em_setup_receive_ring(struct rx_ring *rx BUS_DMASYNC_POSTREAD); bus_dmamap_unload(rxr->rxtag, rxbuf->map); m_freem(rxbuf->m_head); + rxbuf->m_head = NULL; /* mark as freed */ } }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201201121730.q0CHUjCw019586>