Re: free() sizes for ahc(4)

Tue, 14 May 2019 06:31:31 -0700 

On Tue, May 14, 2019 at 10:35:22AM +0000, Miod Vallat wrote:
> Note ahc_set_name() gets invoked with the dv_xname field of a struct
> device, so it's not a good idea to free anything, should it be invoked
> more than once.
> 
> Tested on:
> ahc0 at pci0 dev 1 function 0 "Adaptec AIC-7880" rev 0x00: irq 8
> ahc0: Host Adapter Bios disabled.  Using default SCSI device parameters
> scsibus0 at ahc0: 16 targets, initiator 7
> sd0 at scsibus0 targ 1 lun 0: <SGI, IBM DNES-318350Y, SAF0> SCSI3 0/direct 
> fixed serial.SGI_IBM_DNES-318350Y_AK0T7943
> sd0: 17364MB, 512 bytes/sector, 35563040 sectors
> cd0 at scsibus0 targ 4 lun 0: <TOSHIBA, CD-ROM XM-6401TA, 1015> SCSI2 5/cdrom 
> removable
> ahc1 at pci0 dev 2 function 0 "Adaptec AIC-7880" rev 0x00: irq 9
> ahc1: Host Adapter Bios disabled.  Using default SCSI device parameters
> scsibus1 at ahc1: 16 targets, initiator 7

OK Jan
 
> Index: dev/ic/aic7xxx.c
> ===================================================================
> RCS file: /OpenBSD/src/sys/dev/ic/aic7xxx.c,v
> retrieving revision 1.93
> diff -u -p -u -p -r1.93 aic7xxx.c
> --- dev/ic/aic7xxx.c  12 Dec 2017 12:33:36 -0000      1.93
> +++ dev/ic/aic7xxx.c  14 May 2019 10:28:10 -0000
> @@ -1688,7 +1688,7 @@ ahc_free_tstate(struct ahc_softc *ahc, u
>               scsi_id += 8;
>       tstate = ahc->enabled_targets[scsi_id];
>       if (tstate != NULL)
> -             free(tstate, M_DEVBUF, 0);
> +             free(tstate, M_DEVBUF, sizeof(*tstate));
>       ahc->enabled_targets[scsi_id] = NULL;
>  }
>  #endif
> @@ -3957,8 +3957,6 @@ ahc_set_unit(struct ahc_softc *ahc, int 
>  void
>  ahc_set_name(struct ahc_softc *ahc, char *name)
>  {
> -     if (ahc->name != NULL)
> -             free(ahc->name, M_DEVBUF, 0);
>       ahc->name = name;
>  }
>  
> @@ -3997,21 +3995,21 @@ ahc_free(struct ahc_softc *ahc)
>                               lstate = tstate->enabled_luns[j];
>                               if (lstate != NULL) {
>                                         /*xpt_free_path(lstate->path);*/
> -                                     free(lstate, M_DEVBUF, 0);
> +                                     free(lstate, M_DEVBUF, sizeof(*lstate));
>                               }
>                       }
>  #endif
> -                     free(tstate, M_DEVBUF, 0);
> +                     free(tstate, M_DEVBUF, sizeof(*tstate));
>               }
>       }
>  #ifdef AHC_TARGET_MODE
>       if (ahc->black_hole != NULL) {
>         /*xpt_free_path(ahc->black_hole->path);*/
> -             free(ahc->black_hole, M_DEVBUF, 0);
> +             free(ahc->black_hole, M_DEVBUF, sizeof(*ahc->black_hole));
>       }
>  #endif
>       if (ahc->seep_config != NULL)
> -             free(ahc->seep_config, M_DEVBUF, 0);
> +             free(ahc->seep_config, M_DEVBUF, sizeof(*ahc->seep_config));
>       return;
>  }
>  
> @@ -4329,7 +4327,7 @@ ahc_fini_scbdata(struct ahc_softc *ahc)
>                       ahc_freedmamem(ahc->parent_dmat, PAGE_SIZE,
>                           sg_map->sg_dmamap, (caddr_t)sg_map->sg_vaddr,
>                           &sg_map->sg_dmasegs, sg_map->sg_nseg);
> -                     free(sg_map, M_DEVBUF, 0);
> +                     free(sg_map, M_DEVBUF, sizeof(*sg_map));
>               }
>       }
>       /*FALLTHROUGH*/
> @@ -4350,8 +4348,10 @@ ahc_fini_scbdata(struct ahc_softc *ahc)
>       case 0:
>               break;
>       }
> -     if (scb_data->scbarray != NULL)
> -             free(scb_data->scbarray, M_DEVBUF, 0);
> +     if (scb_data->scbarray != NULL) {
> +             free(scb_data->scbarray, M_DEVBUF,
> +                 AHC_SCB_MAX_ALLOC * sizeof(struct scb));
> +     }
>  }
>  
>  void
> @@ -4383,7 +4383,7 @@ ahc_alloc_scbs(struct ahc_softc *ahc)
>                            (caddr_t *)&sg_map->sg_vaddr, &sg_map->sg_physaddr,
>                            &sg_map->sg_dmasegs, &sg_map->sg_nseg, 
> ahc_name(ahc),
>                            "SG space") < 0) {
> -             free(sg_map, M_DEVBUF, 0);
> +             free(sg_map, M_DEVBUF, sizeof(*sg_map));
>               return;
>       }
>  
> @@ -6859,7 +6859,7 @@ ahc_handle_en_lun(struct ahc_softc *ahc,
>                                        xpt_path_target_id(ccb->ccb_h.path),
>                                        xpt_path_lun_id(ccb->ccb_h.path));
>               if (status != CAM_REQ_CMP) {
> -                     free(lstate, M_DEVBUF, 0);
> +                     free(lstate, M_DEVBUF, sizeof(*lstate));
>                       xpt_print_path(ccb->ccb_h.path);
>                       printf("Couldn't allocate path\n");
>                       ccb->ccb_h.status = CAM_RESRC_UNAVAIL;
> @@ -6980,7 +6980,7 @@ ahc_handle_en_lun(struct ahc_softc *ahc,
>               xpt_print_path(ccb->ccb_h.path);
>               printf("Target mode disabled\n");
>               xpt_free_path(lstate->path);
> -             free(lstate, M_DEVBUF, 0);
> +             free(lstate, M_DEVBUF, sizeof(*lstate));
>  
>               ahc_pause(ahc);
>               /* Can we clean up the target too? */
> Index: dev/ic/aic7xxx_seeprom.c
> ===================================================================
> RCS file: /OpenBSD/src/sys/dev/ic/aic7xxx_seeprom.c,v
> retrieving revision 1.7
> diff -u -p -u -p -r1.7 aic7xxx_seeprom.c
> --- dev/ic/aic7xxx_seeprom.c  17 Jul 2015 21:42:49 -0000      1.7
> +++ dev/ic/aic7xxx_seeprom.c  14 May 2019 10:28:10 -0000
> @@ -195,7 +195,7 @@ ahc_check_extport(struct ahc_softc *ahc,
>               if (bootverbose)
>                       printf("%s: No SEEPROM available.\n", ahc_name(ahc));
>               ahc->flags |= AHC_USEDEFAULTS | AHC_NO_BIOS_INIT;
> -             free(ahc->seep_config, M_DEVBUF, 0);
> +             free(ahc->seep_config, M_DEVBUF, sizeof(*ahc->seep_config));
>               ahc->seep_config = NULL;
>               sc = NULL;
>       } else {
>

Reply via email to