svn commit: r261145 - stable/10/sys/cam

Alexander Motin mav at FreeBSD.org
Sat Jan 25 01:58:16 UTC 2014


Author: mav
Date: Sat Jan 25 01:58:15 2014
New Revision: 261145
URL: http://svnweb.freebsd.org/changeset/base/261145

Log:
  MFC r260549:
  Move xpt_run_devq() call before request completion callback where it was
  originally.
  
  I am not sure why exactly I moved it during one of the many refactorings
  during the camlock project, but obviously it opens a race window that may cause
  use-after-free panics during SIM (in reported cases umass(4)) detach.

Modified:
  stable/10/sys/cam/cam_xpt.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sys/cam/cam_xpt.c
==============================================================================
--- stable/10/sys/cam/cam_xpt.c	Sat Jan 25 01:08:35 2014	(r261144)
+++ stable/10/sys/cam/cam_xpt.c	Sat Jan 25 01:58:15 2014	(r261145)
@@ -5186,8 +5186,7 @@ xpt_done_process(struct ccb_hdr *ccb_h)
 
 	if ((ccb_h->flags & CAM_DEV_QFRZDIS)
 	 && (ccb_h->status & CAM_DEV_QFRZN)) {
-		xpt_release_devq(ccb_h->path, /*count*/1,
-				 /*run_queue*/FALSE);
+		xpt_release_devq(ccb_h->path, /*count*/1, /*run_queue*/TRUE);
 		ccb_h->status &= ~CAM_DEV_QFRZN;
 	}
 
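Review bot: the switch of run_queue from FALSE to TRUE in the xpt_release_devq() call is not mentioned in the log, which only talks about moving xpt_run_devq(). With the unconditional xpt_run_devq() at the end of xpt_done_process() removed in the last hunk, this looks like the only thing that runs the queue on the CAM_DEV_QFRZDIS release path when the block in the second hunk is not entered; please say so in the log or in a short comment here. It is also worth confirming that xpt_release_devq() with run_queue TRUE takes devq->send_mtx itself, since the hunk does not show that lock being held at this point.
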
@@ -5216,6 +5215,7 @@ xpt_done_process(struct ccb_hdr *ccb_h)
 
 		if (!device_is_queued(dev))
 			(void)xpt_schedule_devq(devq, dev);
+		xpt_run_devq(devq);
 		mtx_unlock(&devq->send_mtx);
 
 		if ((dev->flags & CAM_DEV_TAG_AFTER_COUNT) != 0) {
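Review bot: the added xpt_run_devq(devq) sits two levels deep, inside a conditional block, while the call it replaces ran unconditionally at the end of xpt_done_process(). Please confirm that completions which skip this block never need the queue run, or that the run_queue TRUE release in the first hunk covers them. A one-line comment here saying the run has to happen before the cbfcnp callback would also help, given the log notes that the reason for the earlier move is not known.
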
@@ -5245,10 +5245,6 @@ xpt_done_process(struct ccb_hdr *ccb_h)
 	(*ccb_h->cbfcnp)(ccb_h->path->periph, (union ccb *)ccb_h);
 	if (mtx != NULL)
 		mtx_unlock(mtx);
-
-	mtx_lock(&devq->send_mtx);
-	xpt_run_devq(devq);
-	mtx_unlock(&devq->send_mtx);
 }
 
 void
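
Review bot: with the trailing mtx_lock(&devq->send_mtx), xpt_run_devq(devq), mtx_unlock(&devq->send_mtx) sequence removed, the cbfcnp callback and the unlock of the local mtx are the last things the function does, which is the property the fix relies on, but nothing in the code states it. Suggest a comment right after the callback saying that devq must not be touched past this point because the SIM may already be detaching, so that a later cleanup does not move the call back.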

