summaryrefslogtreecommitdiff
path: root/sys/dev/ic
diff options
context:
space:
mode:
authorKenneth R Westerback <krw@cvs.openbsd.org>2001-10-14 02:56:35 +0000
committerKenneth R Westerback <krw@cvs.openbsd.org>2001-10-14 02:56:35 +0000
commit5df2ca0894388a5488a434bff7b3164639270833 (patch)
tree34a437892e33c8e909f34fa06017e40c3497d617 /sys/dev/ic
parent134ae39aef68b49f3c907e1bad7e2f86fad1779a (diff)
Andreas Gunnarsson found a bug in iha that causes system crashes
when running a DIAGNOSTIC kernel. This was exposed by the recent migration of the SCSI layer to use pools. timeout_del() was being called on de-allocated memory after every completed SCSI command. Which worked as long as the memory was not reused or zapped ... This patch, slightly modified from Andreas's original diff, moves the timeout_del() to before the call to scsi_done() which de-allocates the memory holding the timeout. All scb's that start a timeout go through this logic and have the timeout_del() called. ok millert@ deraadt@
Diffstat (limited to 'sys/dev/ic')
-rw-r--r--sys/dev/ic/iha.c8
1 files changed, 3 insertions, 5 deletions
diff --git a/sys/dev/ic/iha.c b/sys/dev/ic/iha.c
index d86a7d64581..41027cb49ed 100644
--- a/sys/dev/ic/iha.c
+++ b/sys/dev/ic/iha.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: iha.c,v 1.9 2001/08/26 02:39:05 krw Exp $ */
+/* $OpenBSD: iha.c,v 1.10 2001/10/14 02:56:34 krw Exp $ */
/*
* Initio INI-9xxxU/UW SCSI Device Driver
*
@@ -521,9 +521,6 @@ iha_append_free_scb(sc, pScb)
s = splbio();
- if (pScb->SCB_Xs != NULL)
- timeout_del(&pScb->SCB_Xs->stimeout);
-
if (pScb == sc->HCS_ActScb)
sc->HCS_ActScb = NULL;
@@ -2483,10 +2480,11 @@ iha_done_scb(sc, pScb)
bus_dmamap_unload(sc->sc_dmat, pScb->SCB_Dmamap);
}
+ timeout_del(&xs->stimeout);
xs->flags |= ITSDONE;
scsi_done(xs);
}
-
+
iha_append_free_scb(sc, pScb);
}