From 368541ba1e13599fba3b70fccc335fdae4f74313 Mon Sep 17 00:00:00 2001 From: Navdeep Parhar Date: Fri, 30 May 2014 22:59:45 +0000 Subject: [PATCH] cxgbe(4): Fix a NULL dereference when the very first call to get_scatter_segment() in get_fl_payload() fails. While here, fix the code to adjust fl_bufs_used when a failure occurs for any other scatter segment. MFC after: 3 days --- sys/dev/cxgbe/t4_sge.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/sys/dev/cxgbe/t4_sge.c b/sys/dev/cxgbe/t4_sge.c index 0fd3f931241c..bbf0575c7dc1 100644 --- a/sys/dev/cxgbe/t4_sge.c +++ b/sys/dev/cxgbe/t4_sge.c @@ -1628,6 +1628,7 @@ get_fl_payload(struct adapter *sc, struct sge_fl *fl, uint32_t len_newbuf, nbuf = 0; len = G_RSPD_LEN(len_newbuf); if (__predict_false(fl->m0 != NULL)) { + M_ASSERTPKTHDR(fl->m0); MPASS(len == fl->m0->m_pkthdr.len); MPASS(fl->remaining < len); @@ -1651,6 +1652,8 @@ get_fl_payload(struct adapter *sc, struct sge_fl *fl, uint32_t len_newbuf, */ m0 = get_scatter_segment(sc, fl, len, M_PKTHDR); + if (m0 == NULL) + goto done; len -= m0->m_len; pnext = &m0->m_next; while (len > 0) { @@ -1662,7 +1665,8 @@ get_fl_payload(struct adapter *sc, struct sge_fl *fl, uint32_t len_newbuf, fl->m0 = m0; fl->pnext = pnext; fl->remaining = len; - return (NULL); + m0 = NULL; + goto done; } *pnext = m; pnext = &m->m_next; @@ -1671,7 +1675,7 @@ get_fl_payload(struct adapter *sc, struct sge_fl *fl, uint32_t len_newbuf, *pnext = NULL; if (fl->rx_offset == 0) nbuf++; - +done: (*fl_bufs_used) += nbuf; return (m0); }