Re: usb/168743: commit references a PR
The following reply was made to PR usb/168743; it has been noted by GNATS. From: dfil...@freebsd.org (dfilter service) To: bug-follo...@freebsd.org Cc: Subject: Re: usb/168743: commit references a PR Date: Wed, 27 Jun 2012 11:04:18 + (UTC) Author: mav Date: Wed Jun 27 11:04:04 2012 New Revision: 237638 URL: http://svn.freebsd.org/changeset/base/237638 Log: MFC r237398: In camisr() clear CAM_SIM_ON_DONEQ flag after camisr_runqueue() purged SIM done queue. Clearing it before caused extra SIM queueing in some cases. It was invisible during normal operation, but during USB device unplug and respective SIM destruction it could keep pointer on SIM without having counted reference and as result crash the system by use afer free. PR: usb/168743 Modified: stable/8/sys/cam/cam_xpt.c Directory Properties: stable/8/sys/ (props changed) Modified: stable/8/sys/cam/cam_xpt.c == --- stable/8/sys/cam/cam_xpt.c Wed Jun 27 11:02:35 2012(r237637) +++ stable/8/sys/cam/cam_xpt.c Wed Jun 27 11:04:04 2012(r237638) @@ -4944,8 +4944,8 @@ camisr(void *dummy) while ((sim = TAILQ_FIRST(&queue)) != NULL) { TAILQ_REMOVE(&queue, sim, links); CAM_SIM_LOCK(sim); - sim->flags &= ~CAM_SIM_ON_DONEQ; camisr_runqueue(&sim->sim_doneq); + sim->flags &= ~CAM_SIM_ON_DONEQ; CAM_SIM_UNLOCK(sim); } mtx_lock(&cam_simq_lock); ___ svn-src-...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org" ___ freebsd-usb@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-usb To unsubscribe, send any mail to "freebsd-usb-unsubscr...@freebsd.org"
Re: usb/168743: commit references a PR
The following reply was made to PR usb/168743; it has been noted by GNATS. From: dfil...@freebsd.org (dfilter service) To: bug-follo...@freebsd.org Cc: Subject: Re: usb/168743: commit references a PR Date: Wed, 27 Jun 2012 11:02:49 + (UTC) Author: mav Date: Wed Jun 27 11:02:35 2012 New Revision: 237637 URL: http://svn.freebsd.org/changeset/base/237637 Log: MFC r237398: In camisr() clear CAM_SIM_ON_DONEQ flag after camisr_runqueue() purged SIM done queue. Clearing it before caused extra SIM queueing in some cases. It was invisible during normal operation, but during USB device unplug and respective SIM destruction it could keep pointer on SIM without having counted reference and as result crash the system by use afer free. PR: usb/168743 Modified: stable/9/sys/cam/cam_xpt.c Directory Properties: stable/9/sys/ (props changed) Modified: stable/9/sys/cam/cam_xpt.c == --- stable/9/sys/cam/cam_xpt.c Wed Jun 27 10:07:29 2012(r237636) +++ stable/9/sys/cam/cam_xpt.c Wed Jun 27 11:02:35 2012(r237637) @@ -4990,8 +4990,8 @@ camisr(void *dummy) while ((sim = TAILQ_FIRST(&queue)) != NULL) { TAILQ_REMOVE(&queue, sim, links); CAM_SIM_LOCK(sim); - sim->flags &= ~CAM_SIM_ON_DONEQ; camisr_runqueue(&sim->sim_doneq); + sim->flags &= ~CAM_SIM_ON_DONEQ; CAM_SIM_UNLOCK(sim); } mtx_lock(&cam_simq_lock); ___ svn-src-...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org" ___ freebsd-usb@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-usb To unsubscribe, send any mail to "freebsd-usb-unsubscr...@freebsd.org"