Mercurial > illumos > illumos-gate

diff usr/src/uts/common/io/comstar/port/pppt/pppt_msg.c @ 14069:13ecd3583387

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
3775 Upstreaming of ALUA use-after-free fixes from Nexenta Reviewed by: Saso Kiselkov <skiselkov.ml@gmail.com> Reviewed by: T Nguyen <truongqnguien@gmail.com> Approved by: Richard Lowe <richlowe@richlowe.net>
author Dan McDonald <danmcd@nexenta.com>
date Thu, 27 Jun 2013 13:54:16 -0400
parents 1d9a1ccf92e6
children
line wrap: on
line diff
--- a/usr/src/uts/common/io/comstar/port/pppt/pppt_msg.c	Mon Jun 24 09:23:31 2013 +0200
+++ b/usr/src/uts/common/io/comstar/port/pppt/pppt_msg.c	Thu Jun 27 13:54:16 2013 -0400
@@ -20,6 +20,7 @@
  */
 /*
  * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2013, Nexenta Systems, Inc. All rights reserved.
  */
 
 #include <sys/cpuvar.h>
@@ -316,8 +317,8 @@
 	    scmd->icsc_task_lun_no,
 	    scmd->icsc_task_cdb_length, 0);
 	if (ptask->pt_stmf_task == NULL) {
+		/* NOTE: pppt_task_done() will free ptask. */
 		(void) pppt_task_done(ptask);
-		pppt_task_free(ptask);
 		pppt_sess_rele(pppt_sess);
 		pppt_msg_tx_status(msg, STMF_ALLOC_FAILURE);
 		stmf_ic_msg_free(msg);
@@ -326,6 +327,8 @@
 	}
 
 	task = ptask->pt_stmf_task;
+	/* task_port_private reference is a real reference. */
+	(void) pppt_task_hold(ptask);
 	task->task_port_private = ptask;
 	task->task_flags = scmd->icsc_task_flags;
 	task->task_additional_flags = 0;