Fix potential data corruption in iflib
The MP ring may have txq pointers enqueued. Previously, these were passed to m_free() when IFC_QFLUSH was set. This patch checks for the value and doesn't call m_free(). Reviewed by: gallatin Approved by: re (gjb) Sponsored by: Limelight Networks Differential Revision: https://reviews.freebsd.org/D16882
This commit is contained in:
parent
2a0d911790
commit
ab689463dd
@ -3636,7 +3636,8 @@ iflib_txq_drain(struct ifmp_ring *r, uint32_t cidx, uint32_t pidx)
|
|||||||
if (__predict_false(ctx->ifc_flags & IFC_QFLUSH)) {
|
if (__predict_false(ctx->ifc_flags & IFC_QFLUSH)) {
|
||||||
DBG_COUNTER_INC(txq_drain_flushing);
|
DBG_COUNTER_INC(txq_drain_flushing);
|
||||||
for (i = 0; i < avail; i++) {
|
for (i = 0; i < avail; i++) {
|
||||||
m_free(r->items[(cidx + i) & (r->size-1)]);
|
if (__predict_true(r->items[(cidx + i) & (r->size-1)] != (void *)txq)
|
||||||
|
m_free(r->items[(cidx + i) & (r->size-1)]);
|
||||||
r->items[(cidx + i) & (r->size-1)] = NULL;
|
r->items[(cidx + i) & (r->size-1)] = NULL;
|
||||||
}
|
}
|
||||||
return (avail);
|
return (avail);
|
||||||
|
Loading…
Reference in New Issue
Block a user