[Bug 261387] Should cam be calling callout drain for struct cam_sim and struct cam_ed?

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 261387] Should cam be calling callout drain for struct cam_sim and struct cam_ed?"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 21 Jan 2022 17:33:17 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261387

            Bug ID: 261387
           Summary: Should cam be calling callout drain for struct cam_sim
                    and struct cam_ed?
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: Herbie.Robinson@stratus.com

The documentation for callout says that callout_drain must be called before
destroying any storage containing a callout structure.  I noticed the CAM
doesn't do that for struct cam_sim and struct cam_id.

I pose this bug report as a question, because it does seem a little scary to
fix it and it's certainly beyond my level of experience with the FreeBSD
kernel.

The simple patches to fix this would be

--- cam_sim.c
+++ cam_sim.c
@@ -165,6 +165,7 @@

     if (free_devq)
          cam_simq_free(sim->devq);
+    callout_drain(&sim->callout);
     free(sim, M_CAMSIM);
 }

--- cam_xpt.c
+++ cam_xpt.c
@@ -4831,6 +4831,7 @@
 {
     struct cam_ed  *device = context;

+    callout_drain(&device->callout);
     mtx_lock(&device->device_mtx);
     mtx_destroy(&device->device_mtx);
     free(device, M_CAMDEV);

This is relative to the main branch
https://cgit.freebsd.org/src/commit/?id=b252fb24301c1f7e7d83eab631e7d9fa947e227d.

The routines patched are cam_sim_free and xpt_destroy_device.

-- 
You are receiving this mail because:
You are the assignee for the bug.