FreeBSD Mail Archives

Date:      Mon, 31 May 2010 22:07:19 +0000 (UTC)
From:      Pyun YongHyeon <yongari@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org
Subject:   svn commit: r208678 - stable/7/sys/dev/sge
Message-ID:  <201005312207.o4VM7Jer036474@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help

Author: yongari
Date: Mon May 31 22:07:18 2010
New Revision: 208678
URL: http://svn.freebsd.org/changeset/base/208678

Log:
  MFC r208512:
    sge_encap() can sometimes return an error with m_head set to NULL.
    Make sure not to requeue freed mbuf in sge_start_locked(). This
    should fix NULL pointer dereference panic.
  
    Reported by:	Nikolay Denev <ndenev <> gmail dot com>
    Submitted by:	jhb

Modified:
  stable/7/sys/dev/sge/if_sge.c
Directory Properties:
  stable/7/sys/   (props changed)
  stable/7/sys/cddl/contrib/opensolaris/   (props changed)
  stable/7/sys/contrib/dev/acpica/   (props changed)
  stable/7/sys/contrib/pf/   (props changed)

Modified: stable/7/sys/dev/sge/if_sge.c
==============================================================================
--- stable/7/sys/dev/sge/if_sge.c	Mon May 31 22:03:56 2010	(r208677)
+++ stable/7/sys/dev/sge/if_sge.c	Mon May 31 22:07:18 2010	(r208678)
@@ -1588,7 +1588,8 @@ sge_start_locked(struct ifnet *ifp)
 		if (m_head == NULL)
 			break;
 		if (sge_encap(sc, &m_head)) {
-			IFQ_DRV_PREPEND(&ifp->if_snd, m_head);
+			if (m_head != NULL)
+				IFQ_DRV_PREPEND(&ifp->if_snd, m_head);
 			ifp->if_drv_flags |= IFF_DRV_OACTIVE;
 			break;
 		}

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201005312207.o4VM7Jer036474>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation