e1000

Luigi Rizzo Thu, 12 Jan 2012 09:31:10 -0800

Author: luigi
Date: Thu Jan 12 17:30:44 2012
New Revision: 230024
URL: http://svn.freebsd.org/changeset/base/230024


Log:
  clear the pointer after freeing the mbuf. Without that, we
  risk a double free if the subsequent mbuf allocation fails.
  This bug is not netmap-related and was introduced in  rev. 228387

Modified:
  head/sys/dev/e1000/if_em.c

Modified: head/sys/dev/e1000/if_em.c
==============================================================================
--- head/sys/dev/e1000/if_em.c  Thu Jan 12 17:28:00 2012        (r230023)
+++ head/sys/dev/e1000/if_em.c  Thu Jan 12 17:30:44 2012        (r230024)
@@ -4044,6 +4044,7 @@ em_setup_receive_ring(struct rx_ring *rx
                            BUS_DMASYNC_POSTREAD);
                        bus_dmamap_unload(rxr->rxtag, rxbuf->map);
                        m_freem(rxbuf->m_head);
+                       rxbuf->m_head = NULL; /* mark as freed */
                }
        }
 
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r230024 - head/sys/dev/e1000

Reply via email to