Module Name: src
Committed By: jakllsch
Date: Thu Sep 17 17:04:31 UTC 2020
Modified Files:
src/sys/dev/pci: virtio_pci.c
Log Message:
Ensure interrupt handles buffer is zeroed on allocation
Prevents crashes trying to deallocate interrupts at shutdown.
Found by kim and mlelstv, confirmed by me
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 src/sys/dev/pci/virtio_pci.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/dev/pci/virtio_pci.c
diff -u src/sys/dev/pci/virtio_pci.c:1.11 src/sys/dev/pci/virtio_pci.c:1.12
--- src/sys/dev/pci/virtio_pci.c:1.11 Wed May 27 11:24:31 2020
+++ src/sys/dev/pci/virtio_pci.c Thu Sep 17 17:04:31 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: virtio_pci.c,v 1.11 2020/05/27 11:24:31 yamaguchi Exp $ */
+/* $NetBSD: virtio_pci.c,v 1.12 2020/09/17 17:04:31 jakllsch Exp $ */
/*
* Copyright (c) 2010 Minoura Makoto.
@@ -26,7 +26,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: virtio_pci.c,v 1.11 2020/05/27 11:24:31 yamaguchi Exp $");
+__KERNEL_RCSID(0, "$NetBSD: virtio_pci.c,v 1.12 2020/09/17 17:04:31 jakllsch Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -701,7 +701,7 @@ retry:
}
if (pci_intr_type(pc, psc->sc_ihp[0]) == PCI_INTR_TYPE_MSIX) {
- psc->sc_ihs = kmem_alloc(sizeof(*psc->sc_ihs) * nmsix,
+ psc->sc_ihs = kmem_zalloc(sizeof(*psc->sc_ihs) * nmsix,
KM_SLEEP);
error = virtio_pci_setup_msix_interrupts(sc, &psc->sc_pa);
@@ -718,7 +718,7 @@ retry:
psc->sc_ihs_num = nmsix;
psc->sc_config_offset = VIRTIO_CONFIG_DEVICE_CONFIG_MSI;
} else if (pci_intr_type(pc, psc->sc_ihp[0]) == PCI_INTR_TYPE_INTX) {
- psc->sc_ihs = kmem_alloc(sizeof(*psc->sc_ihs) * 1,
+ psc->sc_ihs = kmem_zalloc(sizeof(*psc->sc_ihs) * 1,
KM_SLEEP);
error = virtio_pci_setup_intx_interrupt(sc, &psc->sc_pa);
