From: jsg <jsg@openbsd.org>
Date: Tue, 28 May 2024 01:37:53 +0000 (+0000)
Subject: Move ccb access before ccb_done to avoid a potential use-after-free
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=6579b5f83ecd468aab94cbdca349ee60259116bd;p=openbsd

Move ccb access before ccb_done to avoid a potential use-after-free
if pages can be freed from interrupt context.  ok dlg@
---

diff --git a/sys/dev/ic/ahci.c b/sys/dev/ic/ahci.c
index 225b57eac72..0f7ac5decd5 100644
--- a/sys/dev/ic/ahci.c
+++ b/sys/dev/ic/ahci.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ahci.c,v 1.40 2024/04/23 13:09:21 jsg Exp $ */
+/*	$OpenBSD: ahci.c,v 1.41 2024/05/28 01:37:53 jsg Exp $ */
 
 /*
  * Copyright (c) 2006 David Gwynne <dlg@openbsd.org>
@@ -2350,9 +2350,9 @@ failall:
 			       sizeof(struct ata_fis_d2h));
 		}
 
-		ccb->ccb_done(ccb);
-
 		processed |= 1 << ccb->ccb_slot;
+
+		ccb->ccb_done(ccb);
 	}
 
 	if (need_restart) {