sge_encap() can sometimes return an error with m_head set to NULL.

Make sure not to requeue freed mbuf in sge_start_locked(). This should fix NULL pointer dereference panic. Reported by: Nikolay Denev <ndenev <> gmail dot com> Submitted by: jhb
author: yongari <yongari@FreeBSD.org> 2010-05-24 17:12:44 +0000
committer: yongari <yongari@FreeBSD.org> 2010-05-24 17:12:44 +0000
commit: a2bf33fb2600f7cd40f3da22d7775150f6880bdf (patch)
tree: 76e506cc320e7469a70c38a15a247e22ec1287a8 /sys/dev/sge
parent: 9124c5fc65dba17f3101e783f2b309c2476f36fb (diff)
download: FreeBSD-src-a2bf33fb2600f7cd40f3da22d7775150f6880bdf.zip
FreeBSD-src-a2bf33fb2600f7cd40f3da22d7775150f6880bdf.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/dev/sge/if_sge.c b/sys/dev/sge/if_sge.c
index db6ae16..9248da3 100644
--- a/sys/dev/sge/if_sge.c
+++ b/sys/dev/sge/if_sge.c
@@ -1588,7 +1588,8 @@ sge_start_locked(struct ifnet *ifp)
 		if (m_head == NULL)
 			break;
 		if (sge_encap(sc, &m_head)) {
-			IFQ_DRV_PREPEND(&ifp->if_snd, m_head);
+			if (m_head != NULL)
+				IFQ_DRV_PREPEND(&ifp->if_snd, m_head);
 			ifp->if_drv_flags |= IFF_DRV_OACTIVE;
 			break;
 		}
author	yongari <yongari@FreeBSD.org>	2010-05-24 17:12:44 +0000
committer	yongari <yongari@FreeBSD.org>	2010-05-24 17:12:44 +0000
commit	a2bf33fb2600f7cd40f3da22d7775150f6880bdf (patch)
tree	76e506cc320e7469a70c38a15a247e22ec1287a8 /sys/dev/sge
parent	9124c5fc65dba17f3101e783f2b309c2476f36fb (diff)
download	FreeBSD-src-a2bf33fb2600f7cd40f3da22d7775150f6880bdf.zip FreeBSD-src-a2bf33fb2600f7cd40f3da22d7775150f6880bdf.tar.gz