diff options
| author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2016-02-03 21:42:13 +0000 |
|---|---|---|
| committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2016-02-03 21:42:13 +0000 |
| commit | 9a34bfe13fc92979f672143f1dec3d3f9cd3a283 (patch) | |
| tree | dac3e43b1ed16643b0aa426db2d419840c0fc25c | |
| parent | 2590984d30265a3137b948f67a2f658e8a585e50 (diff) | |
Do not access the scsi link of the disk at the beginning of sdopen()
and sdminphys() if the scsi disk is dying. The memory of the link
may have been freed already.
OK krw@
| -rw-r--r-- | sys/scsi/sd.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/sys/scsi/sd.c b/sys/scsi/sd.c index 96c6bd815a1..3e56fdaa444 100644 --- a/sys/scsi/sd.c +++ b/sys/scsi/sd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sd.c,v 1.262 2016/02/03 15:16:33 bluhm Exp $ */ +/* $OpenBSD: sd.c,v 1.263 2016/02/03 21:42:12 bluhm Exp $ */ /* $NetBSD: sd.c,v 1.111 1997/04/02 02:29:41 mycroft Exp $ */ /*- @@ -341,12 +341,12 @@ sdopen(dev_t dev, int flag, int fmt, struct proc *p) sc = sdlookup(unit); if (sc == NULL) return (ENXIO); - sc_link = sc->sc_link; - if (sc->flags & SDF_DYING) { device_unref(&sc->sc_dev); return (ENXIO); } + sc_link = sc->sc_link; + if (ISSET(flag, FWRITE) && ISSET(sc_link->flags, SDEV_READONLY)) { device_unref(&sc->sc_dev); return (EACCES); @@ -781,6 +781,10 @@ sdminphys(struct buf *bp) sc = sdlookup(DISKUNIT(bp->b_dev)); if (sc == NULL) return; /* XXX - right way to fail this? */ + if (sc->flags & SDF_DYING) { + device_unref(&sc->sc_dev); + return; + } sc_link = sc->sc_link; /* |