Sat Sep 19 18:32:42 2015 UTC ()
Use value *before* freeing it. Found by brainy, reported by maxv.


(dholland)
diff -r1.12 -r1.13 src/sys/dev/iscsi/iscsi_ioctl.c
cvs diff -r1.12 -r1.13 src/sys/dev/iscsi/iscsi_ioctl.c (expand / switch to unified diff)

--- src/sys/dev/iscsi/iscsi_ioctl.c 2015/05/30 20:09:47 1.12
+++ src/sys/dev/iscsi/iscsi_ioctl.c 2015/09/19 18:32:42 1.13
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: iscsi_ioctl.c,v 1.12 2015/05/30 20:09:47 joerg Exp $ */ 1/* $NetBSD: iscsi_ioctl.c,v 1.13 2015/09/19 18:32:42 dholland Exp $ */
2 2
3/*- 3/*-
4 * Copyright (c) 2004,2005,2006,2011 The NetBSD Foundation, Inc. 4 * Copyright (c) 2004,2005,2006,2011 The NetBSD Foundation, Inc.
5 * All rights reserved. 5 * All rights reserved.
6 * 6 *
7 * This code is derived from software contributed to The NetBSD Foundation 7 * This code is derived from software contributed to The NetBSD Foundation
8 * by Wasabi Systems, Inc. 8 * by Wasabi Systems, Inc.
9 * 9 *
10 * Redistribution and use in source and binary forms, with or without 10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions 11 * modification, are permitted provided that the following conditions
12 * are met: 12 * are met:
13 * 1. Redistributions of source code must retain the above copyright 13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer. 14 * notice, this list of conditions and the following disclaimer.
@@ -1529,29 +1529,29 @@ iscsi_cleanup_thread(void *par) @@ -1529,29 +1529,29 @@ iscsi_cleanup_thread(void *par)
1529 1529
1530 rc = unmap_session(sess); 1530 rc = unmap_session(sess);
1531 if (rc == 0) { 1531 if (rc == 0) {
1532 DEB(1, ("Cleanup: Unmap session %d failed\n", sess->id)); 1532 DEB(1, ("Cleanup: Unmap session %d failed\n", sess->id));
1533 s = splbio(); 1533 s = splbio();
1534 TAILQ_INSERT_HEAD(&iscsi_cleanups_list, sess, sessions); 1534 TAILQ_INSERT_HEAD(&iscsi_cleanups_list, sess, sessions);
1535 splx(s); 1535 splx(s);
1536 } 1536 }
1537 1537
1538 if (sess->target_list != NULL) 1538 if (sess->target_list != NULL)
1539 free(sess->target_list, M_TEMP); 1539 free(sess->target_list, M_TEMP);
1540 /* notify event handlers of session shutdown */ 1540 /* notify event handlers of session shutdown */
1541 add_event(ISCSI_SESSION_TERMINATED, sess->id, 0, status); 1541 add_event(ISCSI_SESSION_TERMINATED, sess->id, 0, status);
 1542 DEB(1, ("Cleanup: session ended %d\n", sess->id));
1542 free(sess, M_DEVBUF); 1543 free(sess, M_DEVBUF);
1543 1544
1544 DEB(1, ("Cleanup: session ended %d\n", sess->id)); 
1545 s = splbio(); 1545 s = splbio();
1546 } 1546 }
1547 splx(s); 1547 splx(s);
1548 1548
1549 DEB(5, ("Cleanup: Done\n")); 1549 DEB(5, ("Cleanup: Done\n"));
1550 1550
1551 s = splbio(); 1551 s = splbio();
1552 } else { 1552 } else {
1553 /* Go to sleep, but wake up every 30 seconds to 1553 /* Go to sleep, but wake up every 30 seconds to
1554 * check for dead event handlers */ 1554 * check for dead event handlers */
1555 splx(s); 1555 splx(s);
1556 rc = tsleep(&iscsi_cleanupc_list, PWAIT, "cleanup", 1556 rc = tsleep(&iscsi_cleanupc_list, PWAIT, "cleanup",
1557 (TAILQ_FIRST(&event_handlers)) ? 30 * hz : 0); 1557 (TAILQ_FIRST(&event_handlers)) ? 30 * hz : 0);