diff options
| author | will <will@FreeBSD.org> | 2014-09-18 02:01:36 +0000 |
|---|---|---|
| committer | will <will@FreeBSD.org> | 2014-09-18 02:01:36 +0000 |
| commit | 063ae3ec952fe8abc6647ee2ac4949e1a3a3a901 (patch) | |
| tree | 09b1683af5da99a716bbc5f899468caf60483621 /share | |
| parent | ad4df7fd320711af1c0e3bf59b9c7274c0cf95ae (diff) | |
| download | FreeBSD-src-063ae3ec952fe8abc6647ee2ac4949e1a3a3a901.zip FreeBSD-src-063ae3ec952fe8abc6647ee2ac4949e1a3a3a901.tar.gz | |
Fix a kernel panic when unloading isp(4).
In the current implementation, the isp_kthread() threads never exit.
The target threads do have an exit mode from isp_attach(), but it is
not invoked from isp_detach().
Ensure isp_detach() notifies threads started for each channel, such
that they exit before their parent device softc detaches, and thus
before the module does. Otherwise, a page fault panic occurs later in:
sysctl_kern_proc
sysctl_out_proc
kern_proc_out
fill_kinfo_proc
fill_kinfo_thread
strlcpy(kp->ki_wmesg, td->td_wmesg, sizeof(kp->ki_wmesg));
For isp_kthread() (and isp(4) target threads), td->td_wmesg references
now-unmapped memory after the module has been unloaded. These threads
are typically msleep()ing at the time of unload, but they could also
attempt to execute now-unmapped code segments.
MFC after: 1 month
Sponsored by: Spectra Logic
MFSpectraBSD: r1070921 on 2014/06/22 13:01:17
Diffstat (limited to 'share')
0 files changed, 0 insertions, 0 deletions
