Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 5 Dec 2007 05:46:13 GMT
From:      Weongyo Jeong <weongyo.jeong@gmail.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/118439: [PATCH] if_ndis - fix a panic when ndis_attach() failed.
Message-ID:  <200712050546.lB55kDwi039074@www.freebsd.org>
Resent-Message-ID: <200712050550.lB55o1CM049128@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         118439
>Category:       kern
>Synopsis:       [PATCH] if_ndis - fix a panic when ndis_attach() failed.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Dec 05 05:50:01 UTC 2007
>Closed-Date:
>Last-Modified:
>Originator:     Weongyo Jeong
>Release:        FreeBSD-CURRENT
>Organization:
CDNetworks
>Environment:
>Description:
When ndis_attach() failed to initialize a device, it always call ndis_detach().
However, the problem is that it can try to call taskqueue_drain() or taskqueue_free() of sc->ndis_tq before taskqueue_create() function is called.

sc->ndis_tq variable is only initialized when a driver module is for wireless NICs.

This problem can drive the kernel to a panic.

>How-To-Repeat:

>Fix:


Patch attached with submission follows:

Index: if_ndis.c
===================================================================
RCS file: /data/cvs/src/sys/dev/if_ndis/if_ndis.c,v
retrieving revision 1.128
diff -u -r1.128 if_ndis.c
--- if_ndis.c	4 Dec 2007 20:48:32 -0000	1.128
+++ if_ndis.c	5 Dec 2007 02:49:17 -0000
@@ -958,7 +958,8 @@
 	} else
 		NDIS_UNLOCK(sc);
 
-	taskqueue_drain(sc->ndis_tq, &sc->ndis_scantask);
+	if (sc->ndis_80211)
+		taskqueue_drain(sc->ndis_tq, &sc->ndis_scantask);
 
 	if (sc->ndis_tickitem != NULL)
 		IoFreeWorkItem(sc->ndis_tickitem);
@@ -1017,7 +1018,8 @@
 	if (sc->ndis_iftype == PCIBus)
 		bus_dma_tag_destroy(sc->ndis_parent_tag);
 
-	taskqueue_free(sc->ndis_tq);
+	if (sc->ndis_80211)
+		taskqueue_free(sc->ndis_tq);
 	return(0);
 }
 


>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200712050546.lB55kDwi039074>