From owner-svn-src-stable@FreeBSD.ORG Wed Jun 27 11:04:04 2012 Return-Path: Delivered-To: svn-src-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id A8BC01065673; Wed, 27 Jun 2012 11:04:04 +0000 (UTC) (envelope-from mav@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 941158FC18; Wed, 27 Jun 2012 11:04:04 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q5RB44fs006491; Wed, 27 Jun 2012 11:04:04 GMT (envelope-from mav@svn.freebsd.org) Received: (from mav@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q5RB447N006489; Wed, 27 Jun 2012 11:04:04 GMT (envelope-from mav@svn.freebsd.org) Message-Id: <201206271104.q5RB447N006489@svn.freebsd.org> From: Alexander Motin Date: Wed, 27 Jun 2012 11:04:04 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r237638 - stable/8/sys/cam X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Jun 2012 11:04:04 -0000 Author: mav Date: Wed Jun 27 11:04:04 2012 New Revision: 237638 URL: http://svn.freebsd.org/changeset/base/237638 Log: MFC r237398: In camisr() clear CAM_SIM_ON_DONEQ flag after camisr_runqueue() purged SIM done queue. Clearing it before caused extra SIM queueing in some cases. It was invisible during normal operation, but during USB device unplug and respective SIM destruction it could keep pointer on SIM without having counted reference and as result crash the system by use afer free. PR: usb/168743 Modified: stable/8/sys/cam/cam_xpt.c Directory Properties: stable/8/sys/ (props changed) Modified: stable/8/sys/cam/cam_xpt.c ============================================================================== --- stable/8/sys/cam/cam_xpt.c Wed Jun 27 11:02:35 2012 (r237637) +++ stable/8/sys/cam/cam_xpt.c Wed Jun 27 11:04:04 2012 (r237638) @@ -4944,8 +4944,8 @@ camisr(void *dummy) while ((sim = TAILQ_FIRST(&queue)) != NULL) { TAILQ_REMOVE(&queue, sim, links); CAM_SIM_LOCK(sim); - sim->flags &= ~CAM_SIM_ON_DONEQ; camisr_runqueue(&sim->sim_doneq); + sim->flags &= ~CAM_SIM_ON_DONEQ; CAM_SIM_UNLOCK(sim); } mtx_lock(&cam_simq_lock);