Date: Wed, 2 Jun 2021 13:37:15 GMT From: Mark Johnston <markj@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: d88bd7d80ff2 - stable/12 - cxgb: Avoid a read-after-free in get_packet() when cxgb_debug is on Message-ID: <202106021337.152DbF4d012351@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/12 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=d88bd7d80ff2a318aa6dc3c710538f5ddc5a1a63 commit d88bd7d80ff2a318aa6dc3c710538f5ddc5a1a63 Author: Mark Johnston <markj@FreeBSD.org> AuthorDate: 2021-05-26 14:02:19 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2021-06-02 13:36:35 +0000 cxgb: Avoid a read-after-free in get_packet() when cxgb_debug is on PR: 255863 MFC after: 1 week (cherry picked from commit 16f8f89c5c1f324a15a7e0607f03f041a230a572) --- sys/dev/cxgb/cxgb_sge.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/dev/cxgb/cxgb_sge.c b/sys/dev/cxgb/cxgb_sge.c index 07eb91a4d04c..5c5d1f902f30 100644 --- a/sys/dev/cxgb/cxgb_sge.c +++ b/sys/dev/cxgb/cxgb_sge.c @@ -2778,6 +2778,7 @@ get_packet(adapter_t *adap, unsigned int drop_thres, struct sge_qset *qs, if (mh->mh_tail == NULL) { log(LOG_ERR, "discarding intermediate descriptor entry\n"); m_freem(m); + m = NULL; break; } mh->mh_tail->m_next = m; @@ -2785,7 +2786,7 @@ get_packet(adapter_t *adap, unsigned int drop_thres, struct sge_qset *qs, mh->mh_head->m_pkthdr.len += len; break; } - if (cxgb_debug) + if (cxgb_debug && m != NULL) printf("len=%d pktlen=%d\n", m->m_len, m->m_pkthdr.len); done: if (++fl->cidx == fl->size)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202106021337.152DbF4d012351>