Module Name:    src
Committed By:   jdolecek
Date:           Sat Mar 17 09:36:32 UTC 2018

Modified Files:
        src/sys/dev/ic: nvme.c

Log Message:
fix passthrough command usage also in nvme_get_number_of_queues(), fixes
memory corruption and possible panic on boot

PR kern/53059


To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 src/sys/dev/ic/nvme.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/ic/nvme.c
diff -u src/sys/dev/ic/nvme.c:1.35 src/sys/dev/ic/nvme.c:1.36
--- src/sys/dev/ic/nvme.c:1.35	Sat Mar 17 00:28:03 2018
+++ src/sys/dev/ic/nvme.c	Sat Mar 17 09:36:32 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: nvme.c,v 1.35 2018/03/17 00:28:03 jdolecek Exp $	*/
+/*	$NetBSD: nvme.c,v 1.36 2018/03/17 09:36:32 jdolecek Exp $	*/
 /*	$OpenBSD: nvme.c,v 1.49 2016/04/18 05:59:50 dlg Exp $ */
 
 /*
@@ -18,7 +18,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: nvme.c,v 1.35 2018/03/17 00:28:03 jdolecek Exp $");
+__KERNEL_RCSID(0, "$NetBSD: nvme.c,v 1.36 2018/03/17 09:36:32 jdolecek Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -1443,6 +1443,7 @@ nvme_fill_identify(struct nvme_queue *q,
 static int
 nvme_get_number_of_queues(struct nvme_softc *sc, u_int *nqap)
 {
+	struct nvme_pt_state state;
 	struct nvme_pt_command pt;
 	struct nvme_ccb *ccb;
 	uint16_t ncqa, nsqa;
@@ -1455,8 +1456,12 @@ nvme_get_number_of_queues(struct nvme_so
 	pt.cmd.opcode = NVM_ADMIN_GET_FEATURES;
 	pt.cmd.cdw10 = NVM_FEATURE_NUMBER_OF_QUEUES;
 
+	memset(&state, 0, sizeof(state));
+	state.pt = &pt;
+	state.finished = false;
+
 	ccb->ccb_done = nvme_pt_done;
-	ccb->ccb_cookie = &pt;
+	ccb->ccb_cookie = &state;
 
 	rv = nvme_poll(sc, sc->sc_admin_q, ccb, nvme_pt_fill, NVME_TIMO_QOP);
 

Reply via email to