FreeBSD Mail Archives

Date:      Mon, 24 May 2010 17:12:44 +0000 (UTC)
From:      Pyun YongHyeon <yongari@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r208512 - head/sys/dev/sge
Message-ID:  <201005241712.o4OHCiLv062562@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help

Author: yongari
Date: Mon May 24 17:12:44 2010
New Revision: 208512
URL: http://svn.freebsd.org/changeset/base/208512

Log:
  sge_encap() can sometimes return an error with m_head set to NULL.
  Make sure not to requeue freed mbuf in sge_start_locked(). This
  should fix NULL pointer dereference panic.
  
  Reported by:	Nikolay Denev <ndenev <> gmail dot com>
  Submitted by:	jhb

Modified:
  head/sys/dev/sge/if_sge.c

Modified: head/sys/dev/sge/if_sge.c
==============================================================================
--- head/sys/dev/sge/if_sge.c	Mon May 24 16:42:55 2010	(r208511)
+++ head/sys/dev/sge/if_sge.c	Mon May 24 17:12:44 2010	(r208512)
@@ -1588,7 +1588,8 @@ sge_start_locked(struct ifnet *ifp)
 		if (m_head == NULL)
 			break;
 		if (sge_encap(sc, &m_head)) {
-			IFQ_DRV_PREPEND(&ifp->if_snd, m_head);
+			if (m_head != NULL)
+				IFQ_DRV_PREPEND(&ifp->if_snd, m_head);
 			ifp->if_drv_flags |= IFF_DRV_OACTIVE;
 			break;
 		}

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201005241712.o4OHCiLv062562>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation