svn commit: r267052 - stable/7/sys/cam
Alexander Motin
mav at FreeBSD.org
Wed Jun 4 12:24:54 UTC 2014
Author: mav
Date: Wed Jun 4 12:24:53 2014
New Revision: 267052
URL: http://svnweb.freebsd.org/changeset/base/267052
Log:
MFC r237398:
In camisr() clear CAM_SIM_ON_DONEQ flag after camisr_runqueue() purged SIM
done queue. Clearing it before caused extra SIM queueing in some cases.
It was invisible during normal operation, but during USB device unplug and
respective SIM destruction it could keep pointer on SIM without having
counted reference and as result crash the system by use afer free.
PR: usb/168743
Modified:
stable/7/sys/cam/cam_xpt.c
Directory Properties:
stable/7/ (props changed)
stable/7/sys/ (props changed)
Modified: stable/7/sys/cam/cam_xpt.c
==============================================================================
--- stable/7/sys/cam/cam_xpt.c Wed Jun 4 12:05:47 2014 (r267051)
+++ stable/7/sys/cam/cam_xpt.c Wed Jun 4 12:24:53 2014 (r267052)
@@ -7227,8 +7227,8 @@ camisr(void *dummy)
while ((sim = TAILQ_FIRST(&queue)) != NULL) {
TAILQ_REMOVE(&queue, sim, links);
CAM_SIM_LOCK(sim);
- sim->flags &= ~CAM_SIM_ON_DONEQ;
camisr_runqueue(&sim->sim_doneq);
+ sim->flags &= ~CAM_SIM_ON_DONEQ;
CAM_SIM_UNLOCK(sim);
}
}
More information about the svn-src-all
mailing list