From: Edward Tomasz Napierala
Date: Sun, 16 May 2021 19:03:24 +0100
To: Warner Losh
Cc: Mark Johnston, src-committers, dev-commits-src-main@freebsd.org
Subject: Re: git: 0f206cc91279 - main - cam: add missing zeroing of a stack-allocated CCB.
References: <202105161045.14GAjZIL093217@gitrepo.freebsd.org>
List-Id: Commit messages for all branches of the src repository

On 0516T1227, Warner Losh wrote:
> On Sun, May 16, 2021, 11:55 AM Mark Johnston wrote:
>
> > On Sun, May 16, 2021 at 10:45:35AM +0000, Edward Tomasz Napierala wrote:
> > > The branch main has been updated by trasz:
> > >
> > > URL: https://cgit.FreeBSD.org/src/commit/?id=0f206cc91279e630ad9e733eb6e330b7dbe6c70e
> > >
> > > commit 0f206cc91279e630ad9e733eb6e330b7dbe6c70e
> > > Author:     Edward Tomasz Napierala
> > > AuthorDate: 2021-05-16 09:28:04 +0000
> > > Commit:     Edward Tomasz Napierala
> > > CommitDate: 2021-05-16 10:38:26 +0000
> > >
> > >     cam: add missing zeroing of a stack-allocated CCB.
> > >
> > >     This could cause a panic at boot.
> >
> > There are other instances of this, for example syzbot is currently
> > hitting an assertion, seemingly because the alloc_flags field of a
> > stack-allocated CCB was not zeroed:
> > https://syzkaller.appspot.com/bug?extid=2e9ce63919709feb3d1c
> >
> > I think the patch below will fix it, but I did not audit other callers.
> > It feels a bit strange to require all callers of xpt_setup_ccb() to
> > manually zero the structure first, can we provide a single routine to
> > initialize stack-allocated CCBs?
We definitely could, although in some cases it's a bit more complicated
than that - a function that gets passed a CCB and then calls
xpt_setup_ccb() to fill it shouldn't zero it, as that would be making
an assumption about how the CCB passed to it was allocated.

Now that I look at the code, I can definitely see that I've missed a
couple of places. Perhaps I should replace those two KASSERTs with
diagnostic printfs for now, until I get that sorted out?

> If we did, we could set a flag we could assert on, and/or do static
> analysis to find any others...

That sounds promising, except I've never done anything like that; I
don't even know where to start.
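The bug class discussed in this thread (a stack-allocated CCB whose header fields, such as alloc_flags, are never zeroed before xpt_setup_ccb() fills in the rest) and the proposed remedy (one initialization routine for stack CCBs plus a marker that the setup routine can assert on) can be shown with a small stand-alone C program. This is an added example, not code from the thread, from FreeBSD, or from the CAM subsystem: struct toy_ccb, toy_ccb_init(), toy_xpt_setup_ccb() and the TOY_CCB_INITED marker are all hypothetical stand-ins, and the 0xA5 fill is a constructed simulation of stale stack contents, not a claim about what the real frame holds.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Arbitrary marker value stamped by toy_ccb_init() (hypothetical; the
 * real CCB header has no such field). */
#define TOY_CCB_INITED 0x43434249u

/* Toy stand-in for a CCB header: only the fields this example needs. */
struct toy_ccb_hdr {
	uint32_t init_marker;  /* set only by toy_ccb_init() */
	uint32_t alloc_flags;  /* analogue of the field syzbot tripped over */
	uint32_t pinfo;        /* priority, filled in by the setup routine */
	void *path;            /* filled in by the setup routine */
};

struct toy_ccb {
	struct toy_ccb_hdr hdr;
	unsigned char payload[64];
};

/* The single routine the thread asks for: callers that allocate a CCB on
 * the stack run it through here, which zeroes the whole object (so
 * alloc_flags and friends start at 0) and stamps the marker. */
void toy_ccb_init(struct toy_ccb *ccb)
{
	memset(ccb, 0, sizeof(*ccb));
	ccb->hdr.init_marker = TOY_CCB_INITED;
}

/* Analogue of xpt_setup_ccb(): fills in path and priority, but refuses a
 * CCB that did not pass through toy_ccb_init(). Returns 0 on success and
 * -1 when the marker is missing, so the check can be exercised in a test
 * instead of panicking. */
int toy_xpt_setup_ccb(struct toy_ccb *ccb, void *path, uint32_t priority)
{
	if (ccb->hdr.init_marker != TOY_CCB_INITED)
		return -1;
	ccb->hdr.path = path;
	ccb->hdr.pinfo = priority;
	return 0;
}

/* Reproduces the bug: the stack slot is deliberately filled with 0xA5
 * (constructed stand-in for leftover stack contents) and then used
 * without toy_ccb_init(). Reports what alloc_flags ended up holding. */
int toy_use_without_init(uint32_t *alloc_flags_out)
{
	struct toy_ccb ccb;
	int rc;

	memset(&ccb, 0xA5, sizeof(ccb));
	rc = toy_xpt_setup_ccb(&ccb, NULL, 1);
	*alloc_flags_out = ccb.hdr.alloc_flags;
	return rc;
}

/* The fixed caller: same stack CCB, initialized first. */
int toy_use_with_init(uint32_t *alloc_flags_out)
{
	struct toy_ccb ccb;
	int rc;

	memset(&ccb, 0xA5, sizeof(ccb)); /* stale contents are harmless now */
	toy_ccb_init(&ccb);
	rc = toy_xpt_setup_ccb(&ccb, NULL, 1);
	*alloc_flags_out = ccb.hdr.alloc_flags;
	return rc;
}

int main(void)
{
	uint32_t flags;
	int rc;

	rc = toy_use_without_init(&flags);
	printf("without init: setup rc=%d alloc_flags=0x%08x\n", rc, flags);
	rc = toy_use_with_init(&flags);
	printf("with init:    setup rc=%d alloc_flags=0x%08x\n", rc, flags);
	return 0;
}
```

The marker check is what makes the forgotten-initialization case detectable at the point of use rather than later, when some consumer of alloc_flags trips an assertion; a kernel would turn the -1 return into a KASSERT or, as suggested above, a diagnostic printf while the remaining callers are audited. It also respects the caveat in the reply: a function that merely receives a CCB and calls the setup routine does not zero it, it only checks the marker, so it makes no assumption about how the caller allocated the CCB.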