From d2c6e514d823765383bdbb9b8c12abd86f3bf3bf Mon Sep 17 00:00:00 2001 From: mav Date: Sat, 11 Jan 2014 13:35:36 +0000 Subject: Take additional reference on SCSI probe periph to cover its freeze count. Otherwise periph may be invalidated and freed before single-stepping freeze is dropped, causing use after free panic. --- sys/cam/cam_periph.c | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'sys/cam/cam_periph.c') diff --git a/sys/cam/cam_periph.c b/sys/cam/cam_periph.c index 1c636cb..ef67c79 100644 --- a/sys/cam/cam_periph.c +++ b/sys/cam/cam_periph.c @@ -376,6 +376,17 @@ cam_periph_acquire(struct cam_periph *periph) } void +cam_periph_doacquire(struct cam_periph *periph) +{ + + xpt_lock_buses(); + KASSERT(periph->refcount >= 1, + ("cam_periph_doacquire() with refcount == %d", periph->refcount)); + periph->refcount++; + xpt_unlock_buses(); +} + +void cam_periph_release_locked_buses(struct cam_periph *periph) { -- cgit v1.1