d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Protect ccbq access with devq->send_mtx in the XPT_ABORT handler.

Browse Source 
Submitted by:	Ryan Libby <rlibby@gmail.com>
Reviewed by:	mav
MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D7985
This commit is contained in:
Mark Johnston 2016-09-21 00:08:42 +00:00
parent 9e8f606352
commit dda945f50a
1 changed files with 11 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
sys/cam/cam_xpt.c
View File

@ -2578,21 +2578,25 @@ xpt_action_default(union ccb *start_ccb)
abort_ccb = start_ccb->cab.abort_ccb;
if (XPT_FC_IS_DEV_QUEUED(abort_ccb)) {
struct cam_ed *device;
struct cam_devq *devq;
if (abort_ccb->ccb_h.pinfo.index >= 0) {
struct cam_ccbq *ccbq;
struct cam_ed *device;
device = abort_ccb->ccb_h.path->device;
devq = device->sim->devq;
device = abort_ccb->ccb_h.path->device;
ccbq = &device->ccbq;
cam_ccbq_remove_ccb(ccbq, abort_ccb);
mtx_lock(&devq->send_mtx);
if (abort_ccb->ccb_h.pinfo.index > 0) {
cam_ccbq_remove_ccb(&device->ccbq, abort_ccb);
abort_ccb->ccb_h.status =
CAM_REQ_ABORTED|CAM_DEV_QFRZN;
xpt_freeze_devq(abort_ccb->ccb_h.path, 1);
xpt_freeze_devq_device(device, 1);
mtx_unlock(&devq->send_mtx);
xpt_done(abort_ccb);
start_ccb->ccb_h.status = CAM_REQ_CMP;
break;
}
mtx_unlock(&devq->send_mtx);
if (abort_ccb->ccb_h.pinfo.index == CAM_UNQUEUED_INDEX
&& (abort_ccb->ccb_h.status & CAM_SIM_QUEUED) == 0) {
/*