Author: mav
Date: Wed Jun 27 11:02:35 2012
New Revision: 237637
URL: http://svn.freebsd.org/changeset/base/237637

Log:
  MFC r237398:
  In camisr() clear CAM_SIM_ON_DONEQ flag after camisr_runqueue() purged SIM
  done queue. Clearing it before caused extra SIM queueing in some cases.
  It was invisible during normal operation, but during USB device unplug and
  respective SIM destruction it could keep pointer on SIM without having
  counted reference and as result crash the system by use afer free.
  
  PR:           usb/168743

Modified:
  stable/9/sys/cam/cam_xpt.c
Directory Properties:
  stable/9/sys/   (props changed)

Modified: stable/9/sys/cam/cam_xpt.c
==============================================================================
--- stable/9/sys/cam/cam_xpt.c  Wed Jun 27 10:07:29 2012        (r237636)
+++ stable/9/sys/cam/cam_xpt.c  Wed Jun 27 11:02:35 2012        (r237637)
@@ -4990,8 +4990,8 @@ camisr(void *dummy)
                while ((sim = TAILQ_FIRST(&queue)) != NULL) {
                        TAILQ_REMOVE(&queue, sim, links);
                        CAM_SIM_LOCK(sim);
-                       sim->flags &= ~CAM_SIM_ON_DONEQ;
                        camisr_runqueue(&sim->sim_doneq);
+                       sim->flags &= ~CAM_SIM_ON_DONEQ;
                        CAM_SIM_UNLOCK(sim);
                }
                mtx_lock(&cam_simq_lock);
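Review bot: the reordering of `sim->flags &= ~CAM_SIM_ON_DONEQ;` to after `camisr_runqueue(&sim->sim_doneq);` deserves a short comment in the code, because nothing at this site explains why the flag must remain set while the done queue is drained. As the log message describes, clearing the flag first lets a completion that arrives during camisr_runqueue() re-queue the SIM on the ISR done queue, and that extra queueing is what left a SIM pointer alive without a counted reference during SIM destruction, ending in a use after free. A one-line comment such as "Keep CAM_SIM_ON_DONEQ set until sim_doneq is drained so completions during the run do not re-queue the SIM" above the camisr_runqueue() call would keep a future cleanup from swapping the two lines back. Both statements run under CAM_SIM_LOCK(sim), so the new order introduces no window between the drain and the flag clear.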
_______________________________________________
svn-src-stable-9@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-stable-9