Michael Li
12/05/2008 5:30 PM
post18062
|
Hello,
I have a bug report in the file "trunk/sys/net/if_ethersubr.c", function "etype_list_remove". So the only place in the
networking code that uses the "etype_list_insert" function is in the qnet src. This is only done at initialization and
never has to call "etype_list_remove".
In a port of TIPC as a loadable shared module, there is functionality that allows binding and unbinding the TIPC
protocol on specific ethernet interfaces so I'm using both functions for registering and deregistering ethernet driver
callbacks.
etype_list_remove doesn't take the callback function off the list. Here's the snippet:
/* if same etype already in list, refuse it. */
for (lpp = &etype_list_head, lp = *lpp; lp ; lpp = &lp->next, lp = *lpp) {
if (lp->etype == etype) {
*lpp = lp;
break;
}
}
"*lpp = lp;" should be this: "*lpp = lp->next;"
Otherwise, a double free occurs and io-pkt crashes.
Cheers,
Mike
|
|
|