CVS commit: [netbsd-8] src/sys/net

Sun, 06 May 2018 06:09:35 -0700 

Module Name:    src
Committed By:   martin
Date:           Sun May  6 13:09:06 UTC 2018

Modified Files:
        src/sys/net [netbsd-8]: if_vlan.c

Log Message:
Pull up following revision(s) (requested by spz in ticket #813):

        sys/net/if_vlan.c: revision 1.122

If cnt == 0, don't kmem_alloc(0). Found by Mootja.

Looking at the code, I also find it suspicious that we read
ifv->ifv_mib->ifvm_p directly without making sure ifv_mib != NULL.


To generate a diff of this commit:
cvs rdiff -u -r1.97.2.12 -r1.97.2.13 src/sys/net/if_vlan.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/net/if_vlan.c
diff -u src/sys/net/if_vlan.c:1.97.2.12 src/sys/net/if_vlan.c:1.97.2.13
--- src/sys/net/if_vlan.c:1.97.2.12	Sat Apr 14 10:38:59 2018
+++ src/sys/net/if_vlan.c	Sun May  6 13:09:05 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: if_vlan.c,v 1.97.2.12 2018/04/14 10:38:59 martin Exp $	*/
+/*	$NetBSD: if_vlan.c,v 1.97.2.13 2018/05/06 13:09:05 martin Exp $	*/
 
 /*-
  * Copyright (c) 2000, 2001 The NetBSD Foundation, Inc.
@@ -78,7 +78,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_vlan.c,v 1.97.2.12 2018/04/14 10:38:59 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_vlan.c,v 1.97.2.13 2018/05/06 13:09:05 martin Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -800,6 +800,7 @@ vlan_ifdetach(struct ifnet *p)
 	int i, cnt = 0;
 
 	bound = curlwp_bind();
+
 	mutex_enter(&ifv_list.lock);
 	LIST_FOREACH(ifv, &ifv_list.list, ifv_list) {
 		mib = vlan_getref_linkmib(ifv, &psref);
@@ -813,13 +814,18 @@ vlan_ifdetach(struct ifnet *p)
 	}
 	mutex_exit(&ifv_list.lock);
 
+	if (cnt == 0) {
+		curlwp_bindx(bound);
+		return;
+	}
+
 	/*
 	 * The value of "cnt" does not increase while ifv_list.lock
 	 * and ifv->ifv_lock are released here, because the parent
 	 * interface is detaching.
 	 */
 	nmibs = kmem_alloc(sizeof(*nmibs) * cnt, KM_SLEEP);
-	for (i=0; i < cnt; i++) {
+	for (i = 0; i < cnt; i++) {
 		nmibs[i] = kmem_alloc(sizeof(*nmibs[i]), KM_SLEEP);
 	}
 
@@ -847,9 +853,10 @@ vlan_ifdetach(struct ifnet *p)
 	}
 
 	mutex_exit(&ifv_list.lock);
+
 	curlwp_bindx(bound);
 
-	for (i=0; i < cnt; i++) {
+	for (i = 0; i < cnt; i++) {
 		if (nmibs[i])
 			kmem_free(nmibs[i], sizeof(*nmibs[i]));
 	}

Reply via email to