git: 25375b1415f8 - main - ahci/siis/mvs: Fix panics after 3394d4239b.

Fri, 04 Mar 2022 17:55:47 -0800 

The branch main has been updated by mav:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=25375b1415f8a0b0290b56c00c31d20e218ffab9

commit 25375b1415f8a0b0290b56c00c31d20e218ffab9
Author:     Alexander Motin <m...@freebsd.org>
AuthorDate: 2022-03-05 01:49:05 +0000
Commit:     Alexander Motin <m...@freebsd.org>
CommitDate: 2022-03-05 01:55:23 +0000

    ahci/siis/mvs: Fix panics after 3394d4239b.
    
    Full CCB header overwrites made frees go into wrong zones, causing
    kernel panics.  Instead of copying full header use xpt_setup_ccb(),
    since the only field I see used from all the header is target_id.
    
    PR:     262263
---
 sys/dev/ahci/ahci.c | 3 ++-
 sys/dev/mvs/mvs.c   | 3 ++-
 sys/dev/siis/siis.c | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/sys/dev/ahci/ahci.c b/sys/dev/ahci/ahci.c
index 12e6ee8102da..d62a043eb2ab 100644
--- a/sys/dev/ahci/ahci.c
+++ b/sys/dev/ahci/ahci.c
@@ -2178,7 +2178,8 @@ completeall:
                ahci_reset(ch);
                return;
        }
-       ccb->ccb_h = ch->hold[i]->ccb_h;        /* Reuse old header. */
+       xpt_setup_ccb(&ccb->ccb_h, ch->hold[i]->ccb_h.path,
+           ch->hold[i]->ccb_h.pinfo.priority);
        if (ccb->ccb_h.func_code == XPT_ATA_IO) {
                /* READ LOG */
                ccb->ccb_h.recovery_type = RECOVERY_READ_LOG;
diff --git a/sys/dev/mvs/mvs.c b/sys/dev/mvs/mvs.c
index 7ef3e50e25c6..96275ed6e572 100644
--- a/sys/dev/mvs/mvs.c
+++ b/sys/dev/mvs/mvs.c
@@ -1801,7 +1801,8 @@ completeall:
                mvs_reset(dev);
                return;
        }
-       ccb->ccb_h = ch->hold[i]->ccb_h;        /* Reuse old header. */
+       xpt_setup_ccb(&ccb->ccb_h, ch->hold[i]->ccb_h.path,
+           ch->hold[i]->ccb_h.pinfo.priority);
        if (ccb->ccb_h.func_code == XPT_ATA_IO) {
                /* READ LOG */
                ccb->ccb_h.recovery_type = RECOVERY_READ_LOG;
diff --git a/sys/dev/siis/siis.c b/sys/dev/siis/siis.c
index 19b73f71be8e..93df7c4f1494 100644
--- a/sys/dev/siis/siis.c
+++ b/sys/dev/siis/siis.c
@@ -1396,7 +1396,8 @@ completeall:
                siis_reset(dev);
                return;
        }
-       ccb->ccb_h = ch->hold[i]->ccb_h;        /* Reuse old header. */
+       xpt_setup_ccb(&ccb->ccb_h, ch->hold[i]->ccb_h.path,
+           ch->hold[i]->ccb_h.pinfo.priority);
        if (ccb->ccb_h.func_code == XPT_ATA_IO) {
                /* READ LOG */
                ccb->ccb_h.recovery_type = RECOVERY_READ_LOG;

Reply via email to