"dcdc6667ce56585c68995a864ce10c1233319b2e" (history) in projects: freebsd

Project(s)

Full Search
Definition
Symbol
File Path
History
Type

Searched hist:dcdc6667ce56585c68995a864ce10c1233319b2e (Results 1 – 1 of 1) sorted by relevance

/freebsd/sys/netinet6/
H A D	in6_ifattach.c	diff dcdc6667ce56585c68995a864ce10c1233319b2e Sun Sep 14 00:34:52 CEST 2003 Bill Paul <wpaul@FreeBSD.org> The in6_ifattach() routine contains the following code: in6_pcbpurgeif0(LIST_FIRST(udbinfo.listhead), ifp); in6_pcbpurgeif0(LIST_FIRST(ripcbinfo.listhead), ifp); The problem here is that udbinfo.listhead and ripcbinfo.listhead are not initialized during the device probe/attach phase of the kernel boot process. So if, for example, a network driver calls ether_ifattach() in its foo_attach() routine and then decides that something is wrong and calls ether_ifdetach() to reverse the process, we will panic trying to dereference the uninitialized list head pointers. (Though the same sequence of events performed after the kernel has come up works file, i.e. doing kldload if_foo from multiuser.) Change this to: if (udbinfo.listhead != NULL) in6_pcbpurgeif0(LIST_FIRST(udbinfo.listhead), ifp); if (ripcbinfo.listhead != NULL) in6_pcbpurgeif0(LIST_FIRST(ripcbinfo.listhead), ifp); to avoid the NULL pointer dereferences. diff dcdc6667ce56585c68995a864ce10c1233319b2e Sun Sep 14 00:34:52 CEST 2003 Bill Paul <wpaul@FreeBSD.org> The in6_ifattach() routine contains the following code: in6_pcbpurgeif0(LIST_FIRST(udbinfo.listhead), ifp); in6_pcbpurgeif0(LIST_FIRST(ripcbinfo.listhead), ifp); The problem here is that udbinfo.listhead and ripcbinfo.listhead are not initialized during the device probe/attach phase of the kernel boot process. So if, for example, a network driver calls ether_ifattach() in its foo_attach() routine and then decides that something is wrong and calls ether_ifdetach() to reverse the process, we will panic trying to dereference the uninitialized list head pointers. (Though the same sequence of events performed after the kernel has come up works file, i.e. doing kldload if_foo from multiuser.) Change this to: if (udbinfo.listhead != NULL) in6_pcbpurgeif0(LIST_FIRST(udbinfo.listhead), ifp); if (ripcbinfo.listhead != NULL) in6_pcbpurgeif0(LIST_FIRST(ripcbinfo.listhead), ifp); to avoid the NULL pointer dereferences.