diff options
| author |   kettenis <kettenis@openbsd.org> | 2014-02-05 07:56:10 +0000 |
|---|---|---|
| committer | kettenis <kettenis@openbsd.org> | 2014-02-05 07:56:10 +0000 |
| commit | 9230beccff4176749c8d624a8fa294308263de84 (patch) | |
| tree | 9a060572489b2885fb7de7a2574d59235c2a9c1f | |
| parent | - Recognize BCM5762 A0 chipset. (diff) | |
| download | wireguard-openbsd-9230beccff4176749c8d624a8fa294308263de84.tar.xz wireguard-openbsd-9230beccff4176749c8d624a8fa294308263de84.zip | |
Punt on handling responses if we haven't allocated the response queue yet.
Otherwise a spurious interrupt might make us dereference a null-pointer.
This is especially important for ISP2200 cards with Open Firmware, where the
card is running a full firmware and the response queue "in" pointer is
non-zero when we take over.
ok jmatthew@
| -rw-r--r-- | sys/dev/ic/qla.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/sys/dev/ic/qla.c b/sys/dev/ic/qla.c index cdd3a018152..ac83131402b 100644 --- a/sys/dev/ic/qla.c +++ b/sys/dev/ic/qla.c @@ -1,4 +1,4 @@ -/* $OpenBSD: qla.c,v 1.15 2014/02/03 14:16:34 jmatthew Exp $ */ +/* $OpenBSD: qla.c,v 1.16 2014/02/05 07:56:10 kettenis Exp $ */ /* * Copyright (c) 2011 David Gwynne <dlg@openbsd.org> @@ -725,6 +725,9 @@ qla_handle_intr(struct qla_softc *sc, u_int16_t isr, u_int16_t info) printf("%s: nonsense interrupt (%x)\n", DEVNAME(sc), rspin); } else { + if (sc->sc_responses == NULL) + break; + while (sc->sc_last_resp_id != rspin) { ccb = qla_handle_resp(sc, sc->sc_last_resp_id); if (ccb) |