Changeset View
Changeset View
Standalone View
Standalone View
sys/dev/bxe/bxe.c
- This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 Lines • Show All 6,543 Lines • ▼ Show 20 Lines | bxe_free_fp_buffers(struct bxe_softc *sc) | ||||
for (i = 0; i < sc->num_queues; i++) { | for (i = 0; i < sc->num_queues; i++) { | ||||
fp = &sc->fp[i]; | fp = &sc->fp[i]; | ||||
#if __FreeBSD_version >= 800000 | #if __FreeBSD_version >= 800000 | ||||
if (fp->tx_br != NULL) { | if (fp->tx_br != NULL) { | ||||
struct mbuf *m; | struct mbuf *m; | ||||
/* just in case bxe_mq_flush() wasn't called */ | /* just in case bxe_mq_flush() wasn't called */ | ||||
BXE_FP_TX_LOCK(fp); | |||||
markj: On line 6593 we destroy fp->tx_mtx only if mtx_initialized(&fp->tx_mtx) is true. Can this… | |||||
cse_cem_gmail_comAuthorUnsubmitted Not Done Inline ActionsSigh. Yes. Any error in bxe_nic_load before bxe_nic_init() (this is where tx_mtx is initialized) on line 12953 -> bxe_nic_load_errorN -> bxe_free_fp_buffers() can reach this point with an uninitialized mtx. cse_cem_gmail_com: Sigh. Yes.
Any error in bxe_nic_load before bxe_nic_init() (this is where tx_mtx is… | |||||
while ((m = buf_ring_dequeue_sc(fp->tx_br)) != NULL) { | while ((m = buf_ring_dequeue_sc(fp->tx_br)) != NULL) { | ||||
m_freem(m); | m_freem(m); | ||||
} | } | ||||
BXE_FP_TX_UNLOCK(fp); | |||||
buf_ring_free(fp->tx_br, M_DEVBUF); | buf_ring_free(fp->tx_br, M_DEVBUF); | ||||
fp->tx_br = NULL; | fp->tx_br = NULL; | ||||
} | } | ||||
#endif | #endif | ||||
/* free all RX buffers */ | /* free all RX buffers */ | ||||
bxe_free_rx_bd_chain(fp); | bxe_free_rx_bd_chain(fp); | ||||
bxe_free_tpa_pool(fp); | bxe_free_tpa_pool(fp); | ||||
▲ Show 20 Lines • Show All 12,254 Lines • Show Last 20 Lines |
On line 6593 we destroy fp->tx_mtx only if mtx_initialized(&fp->tx_mtx) is true. Can this function actually be called before the lock is initialized?