From 05d55db82b2afb5f70e90493a9589f206e383d57 Mon Sep 17 00:00:00 2001 From: cegger Date: Tue, 3 Mar 2009 23:28:44 +0000 Subject: [PATCH] mimic fix from nfe(4): when bus_dmamap_create fails, then the map pointer is undefined. age_dma_free() assumes, the map pointer is NULL. Make the assumption always true by setting the map pointer to NULL in bus_dmamap_create() error path in order to prevent age_dma_free() to call bus_dmamap_destroy() on an invalid map. --- sys/dev/pci/if_age.c | 27 ++++++++++++++++++++------- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/sys/dev/pci/if_age.c b/sys/dev/pci/if_age.c index 5b82d9584aca..0cdd90e46695 100644 --- a/sys/dev/pci/if_age.c +++ b/sys/dev/pci/if_age.c @@ -1,4 +1,4 @@ -/* $NetBSD: if_age.c,v 1.24 2009/03/03 22:26:41 cegger Exp $ */ +/* $NetBSD: if_age.c,v 1.25 2009/03/03 23:28:44 cegger Exp $ */ /* $OpenBSD: if_age.c,v 1.1 2009/01/16 05:00:34 kevlo Exp $ */ /*- @@ -31,7 +31,7 @@ /* Driver for Attansic Technology Corp. L1 Gigabit Ethernet. */ #include -__KERNEL_RCSID(0, "$NetBSD: if_age.c,v 1.24 2009/03/03 22:26:41 cegger Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_age.c,v 1.25 2009/03/03 23:28:44 cegger Exp $"); #include "bpfilter.h" #include "vlan.h" @@ -706,8 +706,10 @@ age_dma_alloc(struct age_softc *sc) */ error = bus_dmamap_create(sc->sc_dmat, AGE_TX_RING_SZ, 1, AGE_TX_RING_SZ, 0, BUS_DMA_NOWAIT, &sc->age_cdata.age_tx_ring_map); - if (error) + if (error) { + sc->age_cdata.age_tx_ring_map = NULL; return ENOBUFS; + } /* Allocate DMA'able memory for TX ring */ error = bus_dmamem_alloc(sc->sc_dmat, AGE_TX_RING_SZ, @@ -746,8 +748,10 @@ age_dma_alloc(struct age_softc *sc) */ error = bus_dmamap_create(sc->sc_dmat, AGE_RX_RING_SZ, 1, AGE_RX_RING_SZ, 0, BUS_DMA_NOWAIT, &sc->age_cdata.age_rx_ring_map); - if (error) + if (error) { + sc->age_cdata.age_rx_ring_map = NULL; return ENOBUFS; + } /* Allocate DMA'able memory for RX ring */ error = bus_dmamem_alloc(sc->sc_dmat, AGE_RX_RING_SZ, 
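Review bot: The added `sc->age_cdata.age_tx_ring_map = NULL;` clears only the map whose creation just failed, so every map that age_dma_alloc() has not reached yet keeps whatever value the softc already held. The same applies to the hunks at 746, 786, 828 and 870 and to the descriptor-map hunks at 915, 925 and 936. age_dma_free()'s NULL test on those later maps is sound only if the softc is zero-filled before this function runs, which these hunks do not show and should be confirmed. If that is not guaranteed, bus_dmamap_destroy() can still be handed a stale pointer after an early return. Stating the invariant at the top of the function, e.g. `/* every dmamap pointer must be NULL on entry; age_dma_free() relies on it */`, or clearing the pointers there, would close the gap; age_dma_alloc() starts and ends outside the hunk.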
@@ -786,8 +790,10 @@ age_dma_alloc(struct age_softc *sc) */ error = bus_dmamap_create(sc->sc_dmat, AGE_RR_RING_SZ, 1, AGE_RR_RING_SZ, 0, BUS_DMA_NOWAIT, &sc->age_cdata.age_rr_ring_map); - if (error) + if (error) { + sc->age_cdata.age_rr_ring_map = NULL; return ENOBUFS; + } /* Allocate DMA'able memory for RX return ring */ error = bus_dmamem_alloc(sc->sc_dmat, AGE_RR_RING_SZ, @@ -828,8 +834,10 @@ age_dma_alloc(struct age_softc *sc) error = bus_dmamap_create(sc->sc_dmat, AGE_CMB_BLOCK_SZ, 1, AGE_CMB_BLOCK_SZ, 0, BUS_DMA_NOWAIT, &sc->age_cdata.age_cmb_block_map); - if (error) + if (error) { + sc->age_cdata.age_cmb_block_map = NULL; return ENOBUFS; + } /* Allocate DMA'able memory for CMB block */ error = bus_dmamem_alloc(sc->sc_dmat, AGE_CMB_BLOCK_SZ, @@ -870,8 +878,10 @@ age_dma_alloc(struct age_softc *sc) error = bus_dmamap_create(sc->sc_dmat, AGE_SMB_BLOCK_SZ, 1, AGE_SMB_BLOCK_SZ, 0, BUS_DMA_NOWAIT, &sc->age_cdata.age_smb_block_map); - if (error) + if (error) { + sc->age_cdata.age_smb_block_map = NULL; return ENOBUFS; + } /* Allocate DMA'able memory for SMB block */ error = bus_dmamem_alloc(sc->sc_dmat, AGE_SMB_BLOCK_SZ, @@ -915,6 +925,7 @@ age_dma_alloc(struct age_softc *sc) AGE_MAXTXSEGS, AGE_TSO_MAXSEGSIZE, 0, BUS_DMA_NOWAIT, &txd->tx_dmamap); if (error) { + txd->tx_dmamap = NULL; printf("%s: could not create Tx dmamap, error = %i.\n", device_xname(sc->sc_dev), error); return error; @@ -925,6 +936,7 @@ age_dma_alloc(struct age_softc *sc) error = bus_dmamap_create(sc->sc_dmat, MCLBYTES, 1, MCLBYTES, 0, BUS_DMA_NOWAIT, &sc->age_cdata.age_rx_sparemap); if (error) { + sc->age_cdata.age_rx_sparemap = NULL; printf("%s: could not create spare Rx dmamap, error = %i.\n", device_xname(sc->sc_dev), error); return error; 
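Review bot: The ring and block map error paths touched here (RR ring at 786, CMB at 828, SMB at 870, and the Tx/Rx ring paths at 706 and 746) still return a fixed `ENOBUFS` without logging. The descriptor-map paths at 915 and 925 print the failure and return `error` itself. Now that each of these branches has braces, it would cost one line to make them consistent, e.g. `printf("%s: could not create RR ring dmamap, error = %i.\n", device_xname(sc->sc_dev), error);` before the return. Returning `error` instead of `ENOBUFS` is worth considering too, provided no caller depends on the specific value, which is not visible from here.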
@@ -936,6 +948,7 @@ age_dma_alloc(struct age_softc *sc) error = bus_dmamap_create(sc->sc_dmat, MCLBYTES, 1, MCLBYTES, 0, BUS_DMA_NOWAIT, &rxd->rx_dmamap); if (error) { + rxd->rx_dmamap = NULL; printf("%s: could not create Rx dmamap, error = %i.\n", device_xname(sc->sc_dev), error); return error;
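Review bot: The NULL-on-failure assignment `rxd->rx_dmamap = NULL;` is now hand-copied into eight separate error branches (this one plus the hunks at 706, 746, 786, 828, 870, 915 and 925). Any bus_dmamap_create() call added to the driver later will silently miss it and bring back the invalid-map destroy in age_dma_free(). A small file-local wrapper that clears the map on failure would put the rule in one place. The helper name below is a suggestion, and the Rx descriptor loop it is shown in starts and ends outside this hunk.

```c
/* Create a DMA map; on failure leave *mapp NULL so age_dma_free() skips it. */
static int
age_dmamap_create(struct age_softc *sc, bus_size_t size, int nsegs,
    bus_size_t maxsegsz, bus_dmamap_t *mapp)
{
	int error;

	error = bus_dmamap_create(sc->sc_dmat, size, nsegs, maxsegsz, 0,
	    BUS_DMA_NOWAIT, mapp);
	if (error)
		*mapp = NULL;
	return error;
}

/* ... unchanged: Rx descriptor loop header ... */
		error = age_dmamap_create(sc, MCLBYTES, 1, MCLBYTES,
		    &rxd->rx_dmamap);
		if (error) {
			/* ... unchanged: printf and return error ... */
```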