From 9bf94a50911bfe65490f641a53dc4b2945f8a42a Mon Sep 17 00:00:00 2001 From: erj Date: Wed, 24 Jul 2019 21:43:41 +0000 Subject: [PATCH] iflib: fix dangling device softc pointer Commit text by Jake: If a driver's IFDI_ATTACH_PRE function fails, the iflib_device_register function will free the ctx pointer. However, it does not reset the device softc pointer to NULL. This will result in memory corruption as a future access to the now invalid pointer will corrupt memory that is later allocated on top of the same memory location. The iflib_device_deregister function correctly resets the softc pointer by using device_set_softc(). This clears up the invalid dangling pointer and prevents memory corruption that could lead to a panic or undefined behavior if the device's driver failed to attach. Signed-off-by: Jacob Keller Submitted by: Jacob Keller Reviewed by: erj@, gallatin@ MFC after: 1 week Sponsored by: Intel Corporation Differential Revision: https://reviews.freebsd.org/D21003 --- sys/net/iflib.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/net/iflib.c b/sys/net/iflib.c index e33c2bec61e..19a60f140a1 100644 --- a/sys/net/iflib.c +++ b/sys/net/iflib.c @@ -4785,6 +4785,7 @@ iflib_device_register(device_t dev, void *sc, if_shared_ctx_t sctx, if_ctx_t *ct fail_unlock: CTX_UNLOCK(ctx); fail_ctx_free: + device_set_softc(ctx->ifc_dev, NULL); if (ctx->ifc_flags & IFC_SC_ALLOCATED) free(ctx->ifc_softc, M_IFLIB); free(ctx, M_IFLIB); -- 2.45.0
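
Review bot: The added device_set_softc(ctx->ifc_dev, NULL) under fail_ctx_free reads the device handle back out of ctx even though the function already receives it as the dev argument. Passing dev directly would keep the cleanup correct on any path that can reach this label before ctx->ifc_dev has been assigned; it is worth confirming that no such path exists if the current form is kept. A short comment above the call would also help, stating that the softc pointer has to be cleared before free(ctx, M_IFLIB) so the device does not keep a pointer to freed memory, matching what the commit message says iflib_device_deregister already does.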