diff options
| author | John Baldwin <jhb@FreeBSD.org> | 2022-12-21 18:45:26 +0000 |
|---|---|---|
| committer | John Baldwin <jhb@FreeBSD.org> | 2022-12-21 18:45:26 +0000 |
| commit | 9f0c0e6eede6aedb60e12888fc9751c40b364dc9 (patch) | |
| tree | 78e309b567b91df3b2c74b4c118f9267b3cd0865 | |
| parent | e53fcff1848bb5acafc3dc38cfeb34724d9b0b96 (diff) | |
| download | src-9f0c0e6eede6aedb60e12888fc9751c40b364dc9.tar.gz src-9f0c0e6eede6aedb60e12888fc9751c40b364dc9.zip | |
mrsas: Don't leak a stack pointer value in the softc.
mrsas_issue_blocked_cmd stores a pointer to an on-stack variable
in its softc so that the driver can call wakeup() on the correct
pointer. Once the loop around tsleep() has finished however, the
pointer is no longer needed and any further use would be invalid.
Clear sc->chan to NULL after the loop.
Reported by: GCC -Wdangling-pointer
Differential Revision: https://reviews.freebsd.org/D37628
| -rw-r--r-- | sys/dev/mrsas/mrsas.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/dev/mrsas/mrsas.c b/sys/dev/mrsas/mrsas.c index 6247cc2b142c..2f531bb44674 100644 --- a/sys/dev/mrsas/mrsas.c +++ b/sys/dev/mrsas/mrsas.c @@ -3980,6 +3980,7 @@ mrsas_issue_blocked_cmd(struct mrsas_softc *sc, struct mrsas_mfi_cmd *cmd) } } } + sc->chan = NULL; if (cmd->cmd_status == 0xFF) { device_printf(sc->mrsas_dev, "DCMD timed out after %d " |