Call ifmedia_removeall () after ether_ifdetach () to prevent access to uninitialized data.
See https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=244247
https://bz-attachments.freebsd.org/attachment.cgi?id=211777
Differential D24557
ng_eiface: fix kernel panic due to the racecondition in ng_eiface shutdown afedorov on Apr 24 2020, 1:08 PM. Authored by Tags None Referenced Files
Subscribers
Details Call ifmedia_removeall () after ether_ifdetach () to prevent access to uninitialized data. See https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=244247
Diff Detail
Event TimelineComment Actions Looks good to me (with the suggested change). If I understand correctly, the crash happens when ng_eiface_mediastatus (which dereferences ifm->ifm_cur) is called after ifmedia_removeall (which sets ifm->ifm_cur = NULL, but before ether_ifdetach.
|