diff options
| author |   krw <krw@openbsd.org> | 2001-10-14 02:56:34 +0000 |
|---|---|---|
| committer | krw <krw@openbsd.org> | 2001-10-14 02:56:34 +0000 |
| commit | 48b439ed9a3bbe63da7bdebdbc8fd8e90ae8dea0 (patch) | |
| tree | 5dc036ee44f469d0f3cab0d13cb7c2fbd6e78a38 | |
| parent | Use double quotes around the password variable--should close PR 2114 (diff) | |
| download | wireguard-openbsd-48b439ed9a3bbe63da7bdebdbc8fd8e90ae8dea0.tar.xz wireguard-openbsd-48b439ed9a3bbe63da7bdebdbc8fd8e90ae8dea0.zip | |
Andreas Gunnarsson found a bug in iha that causes system crashes
when running a DIAGNOSTIC kernel. This was exposed by the recent
migration of the SCSI layer to use pools.
timeout_del() was being called on de-allocated memory after every
completed SCSI command. Which worked as long as the memory was not
reused or zapped ...
This patch, slightly modified from Andreas's original diff, moves
the timeout_del() to before the call to scsi_done() which
de-allocates the memory holding the timeout. All scb's that start
a timeout go through this logic and have the timeout_del() called.
ok millert@ deraadt@
| -rw-r--r-- | sys/dev/ic/iha.c | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/sys/dev/ic/iha.c b/sys/dev/ic/iha.c index d86a7d64581..41027cb49ed 100644 --- a/sys/dev/ic/iha.c +++ b/sys/dev/ic/iha.c @@ -1,4 +1,4 @@ -/* $OpenBSD: iha.c,v 1.9 2001/08/26 02:39:05 krw Exp $ */ +/* $OpenBSD: iha.c,v 1.10 2001/10/14 02:56:34 krw Exp $ */ /* * Initio INI-9xxxU/UW SCSI Device Driver * @@ -521,9 +521,6 @@ iha_append_free_scb(sc, pScb) s = splbio(); - if (pScb->SCB_Xs != NULL) - timeout_del(&pScb->SCB_Xs->stimeout); - if (pScb == sc->HCS_ActScb) sc->HCS_ActScb = NULL; @@ -2483,10 +2480,11 @@ iha_done_scb(sc, pScb) bus_dmamap_unload(sc->sc_dmat, pScb->SCB_Dmamap); } + timeout_del(&xs->stimeout); xs->flags |= ITSDONE; scsi_done(xs); } - + iha_append_free_scb(sc, pScb); } |