From owner-dev-commits-src-main@freebsd.org Tue Mar 30 18:23:39 2021 Return-Path: Delivered-To: dev-commits-src-main@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8E12D5A84B2; Tue, 30 Mar 2021 18:23:39 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4F8yWH3dThz55kP; Tue, 30 Mar 2021 18:23:39 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6F7F63191; Tue, 30 Mar 2021 18:23:39 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 12UINdAr061356; Tue, 30 Mar 2021 18:23:39 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 12UINdqs061355; Tue, 30 Mar 2021 18:23:39 GMT (envelope-from git) Date: Tue, 30 Mar 2021 18:23:39 GMT Message-Id: <202103301823.12UINdqs061355@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Edward Tomasz Napierala Subject: git: 076686fe0703 - main - cam: make sure to clear CCBs allocated on the stack MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: trasz X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 076686fe0703b906a05c9869609dd550bd4ed7ac Auto-Submitted: auto-generated X-BeenThere: dev-commits-src-main@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commit messages for the main branch of the src repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Mar 2021 18:23:39 -0000 The branch main has been updated by trasz: URL: https://cgit.FreeBSD.org/src/commit/?id=076686fe0703b906a05c9869609dd550bd4ed7ac commit 076686fe0703b906a05c9869609dd550bd4ed7ac Author: Edward Tomasz Napierala AuthorDate: 2021-03-30 18:15:11 +0000 Commit: Edward Tomasz Napierala CommitDate: 2021-03-30 18:15:43 +0000 cam: make sure to clear CCBs allocated on the stack This is required for small CCBs support, where we need to track whether the CCB was allocated from an UMA zone or not. There are no (intended) functional changes with the current source. Reviewed By: imp Sponsored by: NetApp, Inc. Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D29484 --- sys/cam/cam_periph.c | 6 ++++++ sys/cam/cam_xpt.c | 5 +++++ sys/cam/scsi/scsi_da.c | 3 +++ sys/cam/scsi/scsi_xpt.c | 7 +++++++ 4 files changed, 21 insertions(+) diff --git a/sys/cam/cam_periph.c b/sys/cam/cam_periph.c index 98b9264f1069..3e1a19936825 100644 --- a/sys/cam/cam_periph.c +++ b/sys/cam/cam_periph.c @@ -746,6 +746,7 @@ camperiphfree(struct cam_periph *periph) union ccb ccb; void *arg; + memset(&ccb, 0, sizeof(ccb)); switch (periph->deferred_ac) { case AC_FOUND_DEVICE: ccb.ccb_h.func_code = XPT_GDEV_TYPE; @@ -1318,6 +1319,7 @@ cam_freeze_devq(struct cam_path *path) struct ccb_hdr ccb_h; CAM_DEBUG(path, CAM_DEBUG_TRACE, ("cam_freeze_devq\n")); + memset(&ccb_h, 0, sizeof(ccb_h)); xpt_setup_ccb(&ccb_h, path, /*priority*/1); ccb_h.func_code = XPT_NOOP; ccb_h.flags = CAM_DEV_QFREEZE; @@ -1333,6 +1335,7 @@ cam_release_devq(struct cam_path *path, u_int32_t relsim_flags, CAM_DEBUG(path, CAM_DEBUG_TRACE, ("cam_release_devq(%u, %u, %u, %d)\n", relsim_flags, openings, arg, getcount_only)); + memset(&crs, 0, sizeof(crs)); xpt_setup_ccb(&crs.ccb_h, path, CAM_PRIORITY_NORMAL); crs.ccb_h.func_code = XPT_REL_SIMQ; crs.ccb_h.flags = getcount_only ? CAM_DEV_QFREEZE : 0; @@ -1456,6 +1459,7 @@ cam_periph_bus_settle(struct cam_periph *periph, u_int bus_settle) { struct ccb_getdevstats cgds; + memset(&cgds, 0, sizeof(cgds)); xpt_setup_ccb(&cgds.ccb_h, periph->path, CAM_PRIORITY_NORMAL); cgds.ccb_h.func_code = XPT_GDEV_STATS; xpt_action((union ccb *)&cgds); @@ -1527,6 +1531,7 @@ camperiphscsistatuserror(union ccb *ccb, union ccb **orig_ccb, * First off, find out what the current * transaction counts are. */ + memset(&cgds, 0, sizeof(cgds)); xpt_setup_ccb(&cgds.ccb_h, ccb->ccb_h.path, CAM_PRIORITY_NORMAL); @@ -1645,6 +1650,7 @@ camperiphscsisenseerror(union ccb *ccb, union ccb **orig, /* * Grab the inquiry data for this device. */ + memset(&cgd, 0, sizeof(cgd)); xpt_setup_ccb(&cgd.ccb_h, ccb->ccb_h.path, CAM_PRIORITY_NORMAL); cgd.ccb_h.func_code = XPT_GDEV_TYPE; xpt_action((union ccb *)&cgd); diff --git a/sys/cam/cam_xpt.c b/sys/cam/cam_xpt.c index 24e16bebb2e7..b7bc2b74da6c 100644 --- a/sys/cam/cam_xpt.c +++ b/sys/cam/cam_xpt.c @@ -499,6 +499,7 @@ xptdoioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag, struct thread * * This is an immediate CCB, so it's okay to * allocate it on the stack. */ + memset(&ccb, 0, sizeof(ccb)); /* * Create a path using the bus, target, and lun the @@ -2595,6 +2596,7 @@ xptsetasyncfunc(struct cam_ed *device, void *arg) if ((device->flags & CAM_DEV_UNCONFIGURED) != 0) return (1); + memset(&cgd, 0, sizeof(cgd)); xpt_compile_path(&path, NULL, device->target->bus->path_id, @@ -5078,6 +5080,7 @@ xpt_start_tags(struct cam_path *path) sim->max_tagged_dev_openings); xpt_dev_ccbq_resize(path, newopenings); xpt_async(AC_GETDEV_CHANGED, path, NULL); + memset(&crs, 0, sizeof(crs)); xpt_setup_ccb(&crs.ccb_h, path, CAM_PRIORITY_NORMAL); crs.ccb_h.func_code = XPT_REL_SIMQ; crs.release_flags = RELSIM_RELEASE_AFTER_QEMPTY; @@ -5103,6 +5106,7 @@ xpt_stop_tags(struct cam_path *path) device->inq_flags &= ~SID_CmdQue; xpt_dev_ccbq_resize(path, sim->max_dev_openings); xpt_async(AC_GETDEV_CHANGED, path, NULL); + memset(&crs, 0, sizeof(crs)); xpt_setup_ccb(&crs.ccb_h, path, CAM_PRIORITY_NORMAL); crs.ccb_h.func_code = XPT_REL_SIMQ; crs.release_flags = RELSIM_RELEASE_AFTER_QEMPTY; @@ -5260,6 +5264,7 @@ xpt_register_async(int event, ac_callback_t *cbfunc, void *cbarg, xptpath = 1; } + memset(&csa, 0, sizeof(csa)); xpt_setup_ccb(&csa.ccb_h, path, CAM_PRIORITY_NORMAL); csa.ccb_h.func_code = XPT_SASYNC_CB; csa.event_enable = event; diff --git a/sys/cam/scsi/scsi_da.c b/sys/cam/scsi/scsi_da.c index c13b51921745..baba5d9ed839 100644 --- a/sys/cam/scsi/scsi_da.c +++ b/sys/cam/scsi/scsi_da.c @@ -4879,6 +4879,7 @@ dadone_proberc(struct cam_periph *periph, union ccb *done_ccb) /*timeout*/0, /*getcount_only*/0); + memset(&cgd, 0, sizeof(cgd)); xpt_setup_ccb(&cgd.ccb_h, done_ccb->ccb_h.path, CAM_PRIORITY_NORMAL); cgd.ccb_h.func_code = XPT_GDEV_TYPE; @@ -6125,6 +6126,7 @@ dasetgeom(struct cam_periph *periph, uint32_t block_len, uint64_t maxsector, * up with something that will make this a bootable * device. */ + memset(&ccg, 0, sizeof(ccg)); xpt_setup_ccb(&ccg.ccb_h, periph->path, CAM_PRIORITY_NORMAL); ccg.ccb_h.func_code = XPT_CALC_GEOMETRY; ccg.block_size = dp->secsize; @@ -6162,6 +6164,7 @@ dasetgeom(struct cam_periph *periph, uint32_t block_len, uint64_t maxsector, min(sizeof(softc->rcaplong), rcap_len)) != 0)) { struct ccb_dev_advinfo cdai; + memset(&cdai, 0, sizeof(cdai)); xpt_setup_ccb(&cdai.ccb_h, periph->path, CAM_PRIORITY_NORMAL); cdai.ccb_h.func_code = XPT_DEV_ADVINFO; cdai.buftype = CDAI_TYPE_RCAPLONG; diff --git a/sys/cam/scsi/scsi_xpt.c b/sys/cam/scsi/scsi_xpt.c index 2ec1490c0edf..5db60fcccd01 100644 --- a/sys/cam/scsi/scsi_xpt.c +++ b/sys/cam/scsi/scsi_xpt.c @@ -1036,6 +1036,7 @@ proberequestdefaultnegotiation(struct cam_periph *periph) { struct ccb_trans_settings cts; + memset(&cts, 0, sizeof(cts)); xpt_setup_ccb(&cts.ccb_h, periph->path, CAM_PRIORITY_NONE); cts.ccb_h.func_code = XPT_GET_TRAN_SETTINGS; cts.type = CTS_TYPE_USER_SETTINGS; @@ -2306,6 +2307,7 @@ scsi_scan_lun(struct cam_periph *periph, struct cam_path *path, CAM_DEBUG(path, CAM_DEBUG_TRACE, ("scsi_scan_lun\n")); + memset(&cpi, 0, sizeof(cpi)); xpt_setup_ccb(&cpi.ccb_h, path, CAM_PRIORITY_NONE); cpi.ccb_h.func_code = XPT_PATH_INQ; xpt_action((union ccb *)&cpi); @@ -2432,6 +2434,7 @@ scsi_devise_transport(struct cam_path *path) struct scsi_inquiry_data *inq_buf; /* Get transport information from the SIM */ + memset(&cpi, 0, sizeof(cpi)); xpt_setup_ccb(&cpi.ccb_h, path, CAM_PRIORITY_NONE); cpi.ccb_h.func_code = XPT_PATH_INQ; xpt_action((union ccb *)&cpi); @@ -2492,6 +2495,7 @@ scsi_devise_transport(struct cam_path *path) */ /* Tell the controller what we think */ + memset(&cts, 0, sizeof(cts)); xpt_setup_ccb(&cts.ccb_h, path, CAM_PRIORITY_NONE); cts.ccb_h.func_code = XPT_SET_TRAN_SETTINGS; cts.type = CTS_TYPE_CURRENT_SETTINGS; @@ -2754,6 +2758,7 @@ scsi_set_transfer_settings(struct ccb_trans_settings *cts, struct cam_path *path * Perform sanity checking against what the * controller and device can do. */ + memset(&cur_cts, 0, sizeof(cur_cts)); xpt_setup_ccb(&cur_cts.ccb_h, path, CAM_PRIORITY_NONE); cur_cts.ccb_h.func_code = XPT_GET_TRAN_SETTINGS; cur_cts.type = cts->type; @@ -2937,6 +2942,7 @@ scsi_toggle_tags(struct cam_path *path) && (dev->inq_flags & (SID_Sync|SID_WBus16|SID_WBus32)) != 0)) { struct ccb_trans_settings cts; + memset(&cts, 0, sizeof(cts)); xpt_setup_ccb(&cts.ccb_h, path, CAM_PRIORITY_NONE); cts.protocol = PROTO_SCSI; cts.protocol_version = PROTO_VERSION_UNSPECIFIED; @@ -3044,6 +3050,7 @@ _scsi_announce_periph(struct cam_periph *periph, u_int *speed, u_int *freq, stru return; /* Ask the SIM for its base transfer speed */ + memset(&cpi, 0, sizeof(cpi)); xpt_setup_ccb(&cpi.ccb_h, path, CAM_PRIORITY_NORMAL); cpi.ccb_h.func_code = XPT_PATH_INQ; xpt_action((union ccb *)&cpi);