svn commit: r308451 - in head/sys/cam: . scsi

Tue, 08 Nov 2016 13:18:13 -0800 

Author: cem
Date: Tue Nov  8 21:17:24 2016
New Revision: 308451
URL: https://svnweb.freebsd.org/changeset/base/308451

Log:
  cam: Zero bio pointer in user-supplied SCSI CCBs
  
  The BUF_TRACKING bio pointer only makes sense for kernel consumers of
  CCBs.
  
  PR:           214250
  Reported by:  trasz@
  Reviewed by:  imp@, markj@
  Sponsored by: Dell EMC Isilon
  Differential Revision:        https://reviews.freebsd.org/D8477

Modified:
  head/sys/cam/cam_xpt.c
  head/sys/cam/scsi/scsi_pass.c

Modified: head/sys/cam/cam_xpt.c
==============================================================================
--- head/sys/cam/cam_xpt.c      Tue Nov  8 21:15:50 2016        (r308450)
+++ head/sys/cam/cam_xpt.c      Tue Nov  8 21:17:24 2016        (r308451)
@@ -414,6 +414,10 @@ xptdoioctl(struct cdev *dev, u_long cmd,
                struct cam_eb *bus;
 
                inccb = (union ccb *)addr;
+#if defined(BUF_TRACKING) || defined(FULL_BUF_TRACKING)
+               if (inccb->ccb_h.func_code == XPT_SCSI_IO)
+                       inccb->csio.bio = NULL;
+#endif
 
                bus = xpt_find_bus(inccb->ccb_h.path_id);
                if (bus == NULL)
@@ -593,6 +597,10 @@ xptdoioctl(struct cdev *dev, u_long cmd,
                unit = ccb->cgdl.unit_number;
                name = ccb->cgdl.periph_name;
                base_periph_found = 0;
+#if defined(BUF_TRACKING) || defined(FULL_BUF_TRACKING)
+               if (ccb->ccb_h.func_code == XPT_SCSI_IO)
+                       ccb->csio.bio = NULL;
+#endif
 
                /*
                 * Sanity check -- make sure we don't get a null peripheral

Modified: head/sys/cam/scsi/scsi_pass.c
==============================================================================
--- head/sys/cam/scsi/scsi_pass.c       Tue Nov  8 21:15:50 2016        
(r308450)
+++ head/sys/cam/scsi/scsi_pass.c       Tue Nov  8 21:17:24 2016        
(r308451)
@@ -1777,6 +1777,10 @@ passdoioctl(struct cdev *dev, u_long cmd
                int ccb_malloced;
 
                inccb = (union ccb *)addr;
+#if defined(BUF_TRACKING) || defined(FULL_BUF_TRACKING)
+               if (inccb->ccb_h.func_code == XPT_SCSI_IO)
+                       inccb->csio.bio = NULL;
+#endif
 
                /*
                 * Some CCB types, like scan bus and scan lun can only go
@@ -1875,6 +1879,10 @@ passdoioctl(struct cdev *dev, u_long cmd
                        cam_periph_lock(periph);
                        break;
                }
+#if defined(BUF_TRACKING) || defined(FULL_BUF_TRACKING)
+               if (ccb->ccb_h.func_code == XPT_SCSI_IO)
+                       ccb->csio.bio = NULL;
+#endif
 
                if (ccb->ccb_h.flags & CAM_CDB_POINTER) {
                        if (ccb->csio.cdb_len > IOCDBLEN) {
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

Reply via email to