Author: jhb
Date: Fri Feb 3 23:48:56 2017
New Revision: 313179
URL: https://svnweb.freebsd.org/changeset/base/313179
Log:
MFC 312904: Don't drop a reference to the TOE PCB in undo_offload_socket().
undo_offload_socket() is only called by t4_connect() during a connection
setup failure, but t4_connect() still owns the TOE PCB and frees ita
after undo_offload_socket() returns. Release a reference in
undo_offload_socket() resulted in a double-free which panicked when
t4_connect() performed the second free. The reference release was
added to undo_offload_socket() incorrectly in r299210.
Sponsored by: Chelsio Communications
Modified:
stable/11/sys/dev/cxgbe/tom/t4_tom.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/sys/dev/cxgbe/tom/t4_tom.c
==============================================================================
--- stable/11/sys/dev/cxgbe/tom/t4_tom.c Fri Feb 3 23:33:06 2017
(r313178)
+++ stable/11/sys/dev/cxgbe/tom/t4_tom.c Fri Feb 3 23:48:56 2017
(r313179)
@@ -273,8 +273,6 @@ undo_offload_socket(struct socket *so)
mtx_lock(&td->toep_list_lock);
TAILQ_REMOVE(&td->toep_list, toep, link);
mtx_unlock(&td->toep_list_lock);
-
- free_toepcb(toep);
}
static void
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
