FreeBSD Mail Archives

Date:      Tue, 8 Nov 2016 21:17:25 +0000 (UTC)
From:      "Conrad E. Meyer" <cem@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r308451 - in head/sys/cam: . scsi
Message-ID:  <201611082117.uA8LHPju004062@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help

Author: cem
Date: Tue Nov  8 21:17:24 2016
New Revision: 308451
URL: https://svnweb.freebsd.org/changeset/base/308451

Log:
  cam: Zero bio pointer in user-supplied SCSI CCBs
  
  The BUF_TRACKING bio pointer only makes sense for kernel consumers of
  CCBs.
  
  PR:		214250
  Reported by:	trasz@
  Reviewed by:	imp@, markj@
  Sponsored by:	Dell EMC Isilon
  Differential Revision:	https://reviews.freebsd.org/D8477

Modified:
  head/sys/cam/cam_xpt.c
  head/sys/cam/scsi/scsi_pass.c

Modified: head/sys/cam/cam_xpt.c
==============================================================================
--- head/sys/cam/cam_xpt.c	Tue Nov  8 21:15:50 2016	(r308450)
+++ head/sys/cam/cam_xpt.c	Tue Nov  8 21:17:24 2016	(r308451)
@@ -414,6 +414,10 @@ xptdoioctl(struct cdev *dev, u_long cmd,
 		struct cam_eb *bus;
 
 		inccb = (union ccb *)addr;
+#if defined(BUF_TRACKING) || defined(FULL_BUF_TRACKING)
+		if (inccb->ccb_h.func_code == XPT_SCSI_IO)
+			inccb->csio.bio = NULL;
+#endif
 
 		bus = xpt_find_bus(inccb->ccb_h.path_id);
 		if (bus == NULL)
@@ -593,6 +597,10 @@ xptdoioctl(struct cdev *dev, u_long cmd,
 		unit = ccb->cgdl.unit_number;
 		name = ccb->cgdl.periph_name;
 		base_periph_found = 0;
+#if defined(BUF_TRACKING) || defined(FULL_BUF_TRACKING)
+		if (ccb->ccb_h.func_code == XPT_SCSI_IO)
+			ccb->csio.bio = NULL;
+#endif
 
 		/*
 		 * Sanity check -- make sure we don't get a null peripheral

Modified: head/sys/cam/scsi/scsi_pass.c
==============================================================================
--- head/sys/cam/scsi/scsi_pass.c	Tue Nov  8 21:15:50 2016	(r308450)
+++ head/sys/cam/scsi/scsi_pass.c	Tue Nov  8 21:17:24 2016	(r308451)
@@ -1777,6 +1777,10 @@ passdoioctl(struct cdev *dev, u_long cmd
 		int ccb_malloced;
 
 		inccb = (union ccb *)addr;
+#if defined(BUF_TRACKING) || defined(FULL_BUF_TRACKING)
+		if (inccb->ccb_h.func_code == XPT_SCSI_IO)
+			inccb->csio.bio = NULL;
+#endif
 
 		/*
 		 * Some CCB types, like scan bus and scan lun can only go
@@ -1875,6 +1879,10 @@ passdoioctl(struct cdev *dev, u_long cmd
 			cam_periph_lock(periph);
 			break;
 		}
+#if defined(BUF_TRACKING) || defined(FULL_BUF_TRACKING)
+		if (ccb->ccb_h.func_code == XPT_SCSI_IO)
+			ccb->csio.bio = NULL;
+#endif
 
 		if (ccb->ccb_h.flags & CAM_CDB_POINTER) {
 			if (ccb->csio.cdb_len > IOCDBLEN) {

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201611082117.uA8LHPju004062>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation