Author: adrian Date: Mon Sep 7 23:16:39 2015 New Revision: 287543 URL: https://svnweb.freebsd.org/changeset/base/287543
Log: Don't call enable_all_rings if the adapter has been freed. This is a subtle use-after-free race that results in some very undesirable hang behaviour. Reviewed by: pkelsey Obtained from: Kip Macy, NextBSD (https://github.com/NextBSD/NextBSD/commit/91a9bd1dbb33dafb41684d054e59d73976de9654) Modified: head/sys/dev/netmap/netmap.c Modified: head/sys/dev/netmap/netmap.c ============================================================================== --- head/sys/dev/netmap/netmap.c Mon Sep 7 21:59:11 2015 (r287542) +++ head/sys/dev/netmap/netmap.c Mon Sep 7 23:16:39 2015 (r287543) @@ -2841,10 +2841,12 @@ void netmap_detach(struct ifnet *ifp) { struct netmap_adapter *na = NA(ifp); + int skip; if (!na) return; + skip = 0; NMG_LOCK(); netmap_disable_all_rings(ifp); na->ifp = NULL; @@ -2856,10 +2858,11 @@ netmap_detach(struct ifnet *ifp) * the driver is gone. */ if (na->na_flags & NAF_NATIVE) { - netmap_adapter_put(na); + skip = netmap_adapter_put(na); } /* give them a chance to notice */ - netmap_enable_all_rings(ifp); + if (skip == 0) + netmap_enable_all_rings(ifp); NMG_UNLOCK(); } _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "[email protected]"
