From dda945f50a9652022166c79c1714d0d07a8408e6 Mon Sep 17 00:00:00 2001
From: Mark Johnston
Date: Wed, 21 Sep 2016 00:08:42 +0000
Subject: [PATCH] Protect ccbq access with devq->send_mtx in the XPT_ABORT handler.

Submitted by: Ryan Libby
Reviewed by: mav
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D7985
---
 sys/cam/cam_xpt.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/sys/cam/cam_xpt.c b/sys/cam/cam_xpt.c
index 859ed9a4f634..cfca7807c781 100644
--- a/sys/cam/cam_xpt.c
+++ b/sys/cam/cam_xpt.c
@@ -2578,21 +2578,25 @@ xpt_action_default(union ccb *start_ccb)
  abort_ccb = start_ccb->cab.abort_ccb;
  if (XPT_FC_IS_DEV_QUEUED(abort_ccb)) {
+ struct cam_ed *device;
+ struct cam_devq *devq;
- if (abort_ccb->ccb_h.pinfo.index >= 0) {
- struct cam_ccbq *ccbq;
- struct cam_ed *device;
+ device = abort_ccb->ccb_h.path->device;
+ devq = device->sim->devq;
- device = abort_ccb->ccb_h.path->device;
- ccbq = &device->ccbq;
- cam_ccbq_remove_ccb(ccbq, abort_ccb);
+ mtx_lock(&devq->send_mtx);
+ if (abort_ccb->ccb_h.pinfo.index > 0) {
+ cam_ccbq_remove_ccb(&device->ccbq, abort_ccb);
  abort_ccb->ccb_h.status = CAM_REQ_ABORTED|CAM_DEV_QFRZN;
- xpt_freeze_devq(abort_ccb->ccb_h.path, 1);
+ xpt_freeze_devq_device(device, 1);
+ mtx_unlock(&devq->send_mtx);
  xpt_done(abort_ccb);
  start_ccb->ccb_h.status = CAM_REQ_CMP;
  break;
  }
+ mtx_unlock(&devq->send_mtx);
+
  if (abort_ccb->ccb_h.pinfo.index == CAM_UNQUEUED_INDEX && (abort_ccb->ccb_h.status & CAM_SIM_QUEUED) == 0) {
  /*
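Review bot: The `CAM_UNQUEUED_INDEX` test that follows the second `mtx_unlock(&devq->send_mtx)` still reads `abort_ccb->ccb_h.pinfo.index` and `ccb_h.status` without the lock, so the CCB's queue state can change between the locked `index > 0` check and this one. Whether that window is harmless depends on the body of that branch, which continues outside the hunk; if the unlocked read is intentional, record it with a comment such as `/* index/status read without send_mtx: <reason this is safe> */`, otherwise keep send_mtx held until the branch has been chosen. The threshold also changed from `>= 0` to `> 0` without mention in the commit message; a one-line comment such as `/* a CCB on the ccbq has index > 0 */` above the test would record why, assuming index 0 is never a valid queue slot.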