diff options
| author | Miod Vallat <miod@cvs.openbsd.org> | 2010-12-08 21:57:48 +0000 |
|---|---|---|
| committer | Miod Vallat <miod@cvs.openbsd.org> | 2010-12-08 21:57:48 +0000 |
| commit | 90322a5b8d627eb529c60880e97022354b660843 (patch) | |
| tree | 511423db2cd7a412eee308007d4ac81b09396f82 /sys | |
| parent | b5fc34576fddb760f8fd8df0ec72f3054347f5be (diff) | |
Reset acb->xs to NULL before scsi_done if option DIAGNOSTIC. There seem to be
one bad case of use-after-free after a hell lot of heavy I/O creeping in again
in this driver. This doesn't fix it but will hopefully help me diagnose once
it occurs again.
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/dev/ic/osiop.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/sys/dev/ic/osiop.c b/sys/dev/ic/osiop.c index 57675a2cf1b..f43c9f51ac5 100644 --- a/sys/dev/ic/osiop.c +++ b/sys/dev/ic/osiop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: osiop.c,v 1.45 2010/06/28 18:31:02 krw Exp $ */ +/* $OpenBSD: osiop.c,v 1.46 2010/12/08 21:57:47 miod Exp $ */ /* $NetBSD: osiop.c,v 1.9 2002/04/05 18:27:54 bouyer Exp $ */ /* @@ -594,7 +594,7 @@ osiop_scsidone(acb, status) #ifdef DIAGNOSTIC if (acb == NULL || acb->xs == NULL) { - printf("osiop_scsidone: NULL acb or scsi_xfer\n"); + printf("osiop_scsidone: NULL acb %p or scsi_xfer\n", acb); #if defined(OSIOP_DEBUG) && defined(DDB) Debugger(); #endif @@ -709,6 +709,9 @@ osiop_scsidone(acb, status) /* Put it on the free list. */ FREE: acb->status = ACB_S_FREE; +#ifdef DIAGNOSTIC + acb->xs = NULL; +#endif sc->sc_tinfo[periph->target].cmds++; xs->resid = 0; |