Author: hselasky
Date: Tue Apr  3 09:31:30 2018
New Revision: 331918
URL: https://svnweb.freebsd.org/changeset/base/331918

Log:
  MFC r331825:
  Fix for use after free in mlx5core.
  
  Make sure the command completion handler is not called when the device is
  in internal error state. This can easily trigger use after free situations.
  
  Sponsored by: Mellanox Technologies

Modified:
  stable/11/sys/dev/mlx5/mlx5_core/mlx5_eq.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/dev/mlx5/mlx5_core/mlx5_eq.c
==============================================================================
--- stable/11/sys/dev/mlx5/mlx5_core/mlx5_eq.c  Tue Apr  3 09:30:40 2018        
(r331917)
+++ stable/11/sys/dev/mlx5/mlx5_core/mlx5_eq.c  Tue Apr  3 09:31:30 2018        
(r331918)
@@ -254,7 +254,8 @@ static int mlx5_eq_int(struct mlx5_core_dev *dev, stru
                        break;
 
                case MLX5_EVENT_TYPE_CMD:
-                       mlx5_cmd_comp_handler(dev, 
be32_to_cpu(eqe->data.cmd.vector));
+                       if (dev->state != MLX5_DEVICE_STATE_INTERNAL_ERROR)
+                               mlx5_cmd_comp_handler(dev, 
be32_to_cpu(eqe->data.cmd.vector));
                        break;
 
                case MLX5_EVENT_TYPE_PORT_CHANGE:
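
Review bot: The new dev->state test in the MLX5_EVENT_TYPE_CMD case is a plain check-then-call, and nothing in this hunk shows what keeps the state from changing to MLX5_DEVICE_STATE_INTERNAL_ERROR between the test and the call to mlx5_cmd_comp_handler(). If the state can change concurrently with mlx5_eq_int(), the window is narrowed but not closed. Consider doing the check inside mlx5_cmd_comp_handler() under whatever lock protects the command entries, which would also cover any other callers. Separately, the case silently drops the completion event when the device is in the error state; a short comment saying why that is safe, and which path completes or frees the outstanding commands in that state, would help the next reader.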