From 6579b5f83ecd468aab94cbdca349ee60259116bd Mon Sep 17 00:00:00 2001
From: jsg
Date: Tue, 28 May 2024 01:37:53 +0000
Subject: [PATCH] Move ccb access before ccb_done to avoid a potential use-after-free if pages can be freed from interrupt context. ok dlg@
---
 sys/dev/ic/ahci.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sys/dev/ic/ahci.c b/sys/dev/ic/ahci.c
index 225b57eac72..0f7ac5decd5 100644
--- a/sys/dev/ic/ahci.c
+++ b/sys/dev/ic/ahci.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ahci.c,v 1.40 2024/04/23 13:09:21 jsg Exp $ */
+/* $OpenBSD: ahci.c,v 1.41 2024/05/28 01:37:53 jsg Exp $ */
 
 /*
 * Copyright (c) 2006 David Gwynne
@@ -2350,9 +2350,9 @@ failall:
 sizeof(struct ata_fis_d2h));
 }
 
- ccb->ccb_done(ccb);
-
 processed |= 1 << ccb->ccb_slot;
+
+ ccb->ccb_done(ccb);
 }
 
 if (need_restart) {
-- 
2.20.1
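Review bot: Nothing in the second hunk (the completion loop after `failall:`, new lines 2350-2358) records why `ccb->ccb_done(ccb)` must now be the last statement that touches `ccb`, so a later edit could silently reintroduce the use-after-free this commit removes. I would add a comment directly above the call, for example `/* ccb_done() may free the ccb; no ccb access after this call */`. The loop body starts and ends outside the hunk, so whether any other read of `ccb` follows a `ccb_done` call elsewhere in the function cannot be checked from here and is worth a look. Separately, `1 << ccb->ccb_slot` shifts a signed int; if the slot index can reach 31, `processed |= 1U << ccb->ccb_slot;` avoids the undefined shift.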