From: Thomas Quinot
To: freebsd-scsi@freebsd.org, ken@freebsd.org
Date: Fri, 19 Sep 2003 19:50:32 +0200
Subject: Defend against calling sysctl_ctx_free on uninitialized context
Message-ID: <20030919175032.GA2430@melusine.cuivre.fr.eu.org>

If a fatal error occurs while cd(4) is attaching, before the sysctl_ctx has been initialized, then it must not be freed. The following patch resolves this problem, please review.

Thanks,
Thomas.

Index: scsi_cd.c =================================================================== RCS file: /home/ncvs/src/sys/cam/scsi/scsi_cd.c,v retrieving revision 1.83 diff -u -r1.83 scsi_cd.c --- scsi_cd.c 11 Sep 2003 19:27:24 -0000 1.83 +++ scsi_cd.c 19 Sep 2003 17:47:03 -0000 
@@ -91,17 +91,18 @@ } cd_quirks; typedef enum { - CD_FLAG_INVALID = 0x001, - CD_FLAG_NEW_DISC = 0x002, - CD_FLAG_DISC_LOCKED = 0x004, - CD_FLAG_DISC_REMOVABLE = 0x008, - CD_FLAG_TAGGED_QUEUING = 0x010, - CD_FLAG_CHANGER = 0x040, - CD_FLAG_ACTIVE = 0x080, - CD_FLAG_SCHED_ON_COMP = 0x100, - CD_FLAG_RETRY_UA = 0x200, - CD_FLAG_VALID_MEDIA = 0x400, - CD_FLAG_VALID_TOC = 0x800 + CD_FLAG_INVALID = 0x0001, + CD_FLAG_NEW_DISC = 0x0002, + CD_FLAG_DISC_LOCKED = 0x0004, + CD_FLAG_DISC_REMOVABLE = 0x0008, + CD_FLAG_TAGGED_QUEUING = 0x0010, + CD_FLAG_CHANGER = 0x0040, + CD_FLAG_ACTIVE = 0x0080, + CD_FLAG_SCHED_ON_COMP = 0x0100, + CD_FLAG_RETRY_UA = 0x0200, + CD_FLAG_VALID_MEDIA = 0x0400, + CD_FLAG_VALID_TOC = 0x0800, + CD_FLAG_SCTX_INIT = 0x1000 } cd_flags; typedef enum { @@ -458,7 +459,8 @@ xpt_print_path(periph->path); printf("removing device entry\n"); - if (sysctl_ctx_free(&softc->sysctl_ctx) != 0) { + if ((softc->flags & CD_FLAG_SCTX_INIT) != 0 + && sysctl_ctx_free(&softc->sysctl_ctx) != 0) { xpt_print_path(periph->path); printf("can't remove sysctl context\n"); } @@ -622,6 +624,7 @@ mtx_lock(&Giant); sysctl_ctx_init(&softc->sysctl_ctx); + softc->flags |= CD_FLAG_SCTX_INIT; softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx, SYSCTL_STATIC_CHILDREN(_kern_cam_cd), OID_AUTO, tmpstr2, CTLFLAG_RD, 0, tmpstr); -- Thomas.Quinot@Cuivre.FR.EU.ORG
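
Review bot: In the hunk at @@ -91,17 +91,18 @@, the only functional change is the new CD_FLAG_SCTX_INIT = 0x1000, but all eleven existing flag lines are rewritten as well to widen the constants from three to four hex digits, which buries the addition and adds history churn for values that did not change. Consider splitting the re-padding into its own commit, and add a short comment on the new flag saying that it records that softc->sysctl_ctx has been through sysctl_ctx_init(). The visible values skip 0x020; whether that bit is free to use depends on code outside this diff.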
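
Review bot: In the hunk at @@ -458,7 +459,8 @@, the new test `(softc->flags & CD_FLAG_SCTX_INIT) != 0` is only reliable if softc->flags is zero from allocation until the attach path sets the bit, and nothing in the visible lines shows how softc is allocated. Please confirm that it is zeroed, or that flags is explicitly initialised, before any path can reach this cleanup. The bit is also never cleared once sysctl_ctx_free() has succeeded; clearing it here with `softc->flags &= ~CD_FLAG_SCTX_INIT;` would keep the flag truthful if this cleanup is ever reached twice for the same softc.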
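
Review bot: In the hunk at @@ -622,6 +624,7 @@, `softc->flags |= CD_FLAG_SCTX_INIT;` is a read-modify-write on the word that also holds the other CD_FLAG_* bits. It is done under mtx_lock(&Giant), while the context lines of the cleanup hunk show no lock around the matching test. Please confirm that the other writers of softc->flags and the reader in the cleanup path are serialised against this update. Setting the bit directly after sysctl_ctx_init() and before SYSCTL_ADD_NODE() is the right order, since a failure in SYSCTL_ADD_NODE() still leaves a context that has to be freed; a one-line comment stating that would help the next reader.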