caller is scsi_done which the controller interrupt handlers call. In the
case of a non-buffer based transaction, the xs structure is freed by the
process that initiated the transfer in scsi_scsi_cmd. In this case, an
explicit splbio/splx pair around the call to free_xs is required. Without
the splbio protection, the xs free list could be corrupted, and the type
driver's start routine might run without spl protection.
Submitted by: Tor Egge <Tor.Egge@idt.ntnu.no>
Obtained from: PR kern/2891
65e5a3a9df