P268
Reduce the possibility of NULL inp dereference when the aiotx_task runs after final_cpl_received.
Authored by np on Jun 6 2019, 6:18 PM.
Referenced Files
F4692553: raw.txt
Jun 6 2019, 6:18 PM
2019-06-06 18:18:07 (UTC+0)
diff -r 4a367a886c39 -r 182575b4b006 sys/dev/cxgbe/tom/t4_cpl_io.c
--- a/sys/dev/cxgbe/tom/t4_cpl_io.c Sun Jun 02 09:20:22 2019 -0700
+++ b/sys/dev/cxgbe/tom/t4_cpl_io.c Tue Jun 04 10:05:30 2019 -0700
@@ -2196,9 +2196,18 @@ t4_aiotx_task(void *context, int pending
{
struct toepcb *toep = context;
struct inpcb *inp = toep->inp;
- struct socket *so = inp->inp_socket;
+ struct socket *so;
struct kaiocb *job;
+ if (TAILQ_EMPTY(&toep->aiotx_jobq)) {
+ if (inp == NULL)
+ printf("tid %u aiotx panic avoided\n", toep->tid);
+ toep->aiotx_task_active = false;
+ free_toepcb(toep);
+ return;
+ }
+
+ so = inp->inp_socket;
CURVNET_SET(toep->vnet);
SOCKBUF_LOCK(&so->so_snd);
while (!TAILQ_EMPTY(&toep->aiotx_jobq) && sowriteable(so)) {
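Review bot: The `inp == NULL` test in the new early-return block only guards the printf, so when `aiotx_jobq` is non-empty the function still falls through to `so = inp->inp_socket` with no NULL check and the dereference stays reachable. If that combination can occur, test `inp == NULL` on its own before the assignment; if it cannot, a comment or assertion stating the invariant would make that clear. The new `TAILQ_EMPTY(&toep->aiotx_jobq)` check also runs before `SOCKBUF_LOCK(&so->so_snd)`, while the loop's check of the same queue runs after it, so a comment on why the unlocked read is safe here would help. The early return clears `aiotx_task_active` and calls `free_toepcb(toep)`; the normal exit path is not visible in this hunk, so please confirm the two stay in sync. The bare `printf` reads as debugging output and should become a proper log message or counter, or be dropped, before this is committed.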