[Bug 194128] New: CTL frontend possible race, missing ccb completion

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Fri Oct 3 23:17:01 UTC 2014


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194128

            Bug ID: 194128
           Summary: CTL frontend possible race, missing ccb completion
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: Needs Triage
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: smferris at gmail.com

Created attachment 147952
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=147952&action=edit
ctl_frontend_cam_sim patch

While hunting some memory use-after-free bugs involving CAM_SIM_QUEUED being
set on a freed ccb, I found what looks like a possible race where the CTL
frontend can queue a ccb for processing before setting the CAM_SIM_QUEUED flag.

CTL also seems to be missing a ccb completion in the case where the ccb
couldn't be queued.

Patch attached.
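To make the two defects in the report concrete, here is a small C model of the ordering problem; it is an added illustration, not the attached patch or FreeBSD's CAM/CTL code, and every name in it (`submit_buggy`, `submit_fixed`, `enqueue`, `ccb_done`, `SIM_QUEUED`, the `retired` field) is hypothetical. It assumes a consumer that can process and free the ccb as soon as it is queued, which is the interleaving the report describes.

```c
/* Model of the CTL frontend race: hypothetical names, not FreeBSD code. */
#include <stdbool.h>

#define SIM_QUEUED 0x1   /* stands in for CAM_SIM_QUEUED */

struct ccb {
    unsigned flags;
    bool retired;        /* set by the consumer; models the ccb being freed */
    int completions;     /* number of times ccb_done() ran for this ccb */
    int status;          /* 0 = ok, -1 = could not be queued */
};

/* Writes to a retired ccb are the model's use-after-free counter. */
static int late_writes;

static void set_flag(struct ccb *c, unsigned f) {
    if (c->retired) late_writes++; else c->flags |= f;
}

static void ccb_done(struct ccb *c) { c->completions++; }

struct queue { int depth, cap; bool consumer_runs_immediately; };

/* Returns true if queued. With a fast consumer the ccb is processed,
 * completed and retired (freed) before enqueue() returns. */
static bool enqueue(struct queue *q, struct ccb *c) {
    if (q->depth >= q->cap) return false;
    q->depth++;
    if (q->consumer_runs_immediately) { q->depth--; ccb_done(c); c->retired = true; }
    return true;
}

/* Order described in the report: queue first, set the flag afterwards,
 * and no completion when queueing fails. */
static int submit_buggy(struct queue *q, struct ccb *c) {
    if (!enqueue(q, c)) { c->status = -1; return -1; }
    set_flag(c, SIM_QUEUED);          /* may touch an already freed ccb */
    return 0;
}

/* Fixed order: flag before the ccb can be consumed; on failure clear it
 * and complete the ccb so it is never lost. */
static int submit_fixed(struct queue *q, struct ccb *c) {
    set_flag(c, SIM_QUEUED);
    if (!enqueue(q, c)) {
        c->flags &= ~SIM_QUEUED;
        c->status = -1;
        ccb_done(c);
        return -1;
    }
    return 0;
}
```

Running the two submitters against a fast consumer shows the late write only in the buggy order, and against a full queue shows the missing completion only in the buggy order.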
