freebsd-nq/sys/dev/isp
Will Andrews 1d0a1de2aa Fix a kernel panic when unloading isp(4).
In the current implementation, the isp_kthread() threads never exit.

The target threads do have an exit mode from isp_attach(), but it is
not invoked from isp_detach().

Ensure isp_detach() notifies threads started for each channel, such
that they exit before their parent device softc detaches, and thus
before the module does.  Otherwise, a page fault panic occurs later in:

sysctl_kern_proc
  sysctl_out_proc
    kern_proc_out
      fill_kinfo_proc
        fill_kinfo_thread
          strlcpy(kp->ki_wmesg, td->td_wmesg, sizeof(kp->ki_wmesg));

For isp_kthread() (and isp(4) target threads), td->td_wmesg references
now-unmapped memory after the module has been unloaded.  These threads
are typically msleep()ing at the time of unload, but they could also
attempt to execute now-unmapped code segments.

MFC after:	1 month
Sponsored by:	Spectra Logic
MFSpectraBSD:	r1070921 on 2014/06/22 13:01:17
2014-09-18 02:01:36 +00:00
DriverManual.txt
Hardware.txt
isp_freebsd.c Fix a kernel panic when unloading isp(4). 2014-09-18 02:01:36 +00:00
isp_freebsd.h Fix a kernel panic when unloading isp(4). 2014-09-18 02:01:36 +00:00
isp_ioctl.h
isp_library.c
isp_library.h
isp_pci.c
isp_sbus.c
isp_stds.h
isp_target.c
isp_target.h
isp.c
ispmbox.h
ispreg.h
ispvar.h