Module Name: src Committed By: snj Date: Sat Aug 12 03:29:51 UTC 2017
Modified Files: src/sys/dev/ic [netbsd-7-0]: i82596.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1471): sys/dev/ic/i82596.c: revision 1.37 Null out sc_rx_mbuf[i] after m_freem to avoid double-free later. >From Ilja Van Sprundel. Also null out sc_tx_mbuf[i] after m_freem, out of paranoia. XXX Not entirely clear to how tx mbufs are freed, but no way to test this since it's ews4800mips- and hp700-only, so not keen to make any more elaborate changes... To generate a diff of this commit: cvs rdiff -u -r1.31.4.1 -r1.31.4.1.2.1 src/sys/dev/ic/i82596.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/dev/ic/i82596.c diff -u src/sys/dev/ic/i82596.c:1.31.4.1 src/sys/dev/ic/i82596.c:1.31.4.1.2.1 --- src/sys/dev/ic/i82596.c:1.31.4.1 Sat Feb 21 19:27:49 2015 +++ src/sys/dev/ic/i82596.c Sat Aug 12 03:29:51 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: i82596.c,v 1.31.4.1 2015/02/21 19:27:49 martin Exp $ */ +/* $NetBSD: i82596.c,v 1.31.4.1.2.1 2017/08/12 03:29:51 snj Exp $ */ /* * Copyright (c) 2003 Jochen Kunz. @@ -43,7 +43,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: i82596.c,v 1.31.4.1 2015/02/21 19:27:49 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: i82596.c,v 1.31.4.1.2.1 2017/08/12 03:29:51 snj Exp $"); /* autoconfig and device stuff */ #include <sys/param.h> @@ -754,6 +754,7 @@ iee_start(struct ifnet *ifp) printf("%s: iee_start: can't allocate mbuf\n", device_xname(sc->sc_dev)); m_freem(sc->sc_tx_mbuf[t]); + sc->sc_tx_mbuf[t] = NULL; t--; continue; } @@ -763,6 +764,7 @@ iee_start(struct ifnet *ifp) printf("%s: iee_start: can't allocate mbuf " "cluster\n", device_xname(sc->sc_dev)); m_freem(sc->sc_tx_mbuf[t]); + sc->sc_tx_mbuf[t] = NULL; m_freem(m); t--; continue; @@ -778,6 +780,7 @@ iee_start(struct ifnet *ifp) printf("%s: iee_start: can't load TX DMA map\n", device_xname(sc->sc_dev)); m_freem(sc->sc_tx_mbuf[t]); + sc->sc_tx_mbuf[t] = NULL; t--; continue; } @@ -927,6 +930,7 @@ iee_init(struct ifnet *ifp) printf("%s: iee_init: can't allocate mbuf" " cluster\n", device_xname(sc->sc_dev)); m_freem(sc->sc_rx_mbuf[r]); + sc->sc_rx_mbuf[r] = NULL; err = 1; break; } @@ -940,6 +944,7 @@ iee_init(struct ifnet *ifp) printf("%s: iee_init: can't create RX " "DMA map\n", device_xname(sc->sc_dev)); m_freem(sc->sc_rx_mbuf[r]); + sc->sc_rx_mbuf[r] = NULL; err = 1; break; } @@ -949,6 +954,7 @@ iee_init(struct ifnet *ifp) device_xname(sc->sc_dev)); bus_dmamap_destroy(sc->sc_dmat, sc->sc_rx_map[r]); m_freem(sc->sc_rx_mbuf[r]); + sc->sc_rx_mbuf[r] = NULL; err = 1; break; }