Hold the reference count until the CCB is released

When a disk disappears and the periph is invalidated, any I/Os that are pending with the controller can cause a crash when they complete. Move to holding the softc reference count taken in dastart() until the I/O is complete rather than only until xpt_action() returns. (This approach was suggested by Ken Merry.) Sponsored by: Netflix Submitted by: Chuck Silvers Differential Revision: https://reviews.freebsd.org/D15435
svn path=/head/; revision=333648
2018-05-15 21:25:35 +00:00 · 2018-05-15 21:25:35 +00:00 · 0eedd21317 · 2020-12-20 02:59:44 +00:00
commit 0eedd21317
parent 646fd30caf
1 changed files with 6 additions and 5 deletions
--- a/sys/cam/scsi/scsi_da.c
+++ b/sys/cam/scsi/scsi_da.c
@ -3300,7 +3300,6 @@ dastart(struct cam_periph *periph, union ccb *start_ccb)
 		cam_periph_unlock(periph);
 		xpt_action(start_ccb);
 		cam_periph_lock(periph);
-		softc->refcount--;

 		/* May have more work to do, so ensure we stay scheduled */
 		daschedule(periph);
@ -4443,13 +4442,15 @@ dadone(struct cam_periph *periph, union ccb *done_ccb)
 		softc->flags |= DA_FLAG_WAS_OTAG;

 	/*
-	 * We need to call cam_iosched before we call biodone so that we
-	 * don't measure any activity that happens in the completion
-	 * routine, which in the case of sendfile can be quite
-	 * extensive.
+	 * We need to call cam_iosched before we call biodone so that we don't
+	 * measure any activity that happens in the completion routine, which in
+	 * the case of sendfile can be quite extensive. Release the periph
+	 * refcount taken in dastart() for each CCB.
 	 */
 	cam_iosched_bio_complete(softc->cam_iosched, bp, done_ccb);
 	xpt_release_ccb(done_ccb);
+	KASSERT(softc->refcount >= 1, ("dadone softc %p refcount %d", softc, softc->refcount));
+	softc->refcount--;
 	if (state == DA_CCB_DELETE) {
 		TAILQ_HEAD(, bio) queue;