Date: Wed, 21 Jul 2021 09:53:25 GMT From: Edward Tomasz Napierala <trasz@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 616a676a0535 - main - cam: clear stack-allocated CCB in the target layer Message-ID: <202107210953.16L9rPdj069503@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by trasz: URL: https://cgit.FreeBSD.org/src/commit/?id=616a676a0535eca78ce6b02a6226d0bcb69d7d4e commit 616a676a0535eca78ce6b02a6226d0bcb69d7d4e Author: Edward Tomasz Napierala <trasz@FreeBSD.org> AuthorDate: 2021-07-21 09:18:15 +0000 Commit: Edward Tomasz Napierala <trasz@FreeBSD.org> CommitDate: 2021-07-21 09:18:28 +0000 cam: clear stack-allocated CCB in the target layer Note that, as pointed out by scottl@, this code should really look a bit different, in that the stack allocations should be replaced with dynamic allocation, and the periph creation should be moved to a context where one can use M_WAITOK. See the review for more details. For now let's go with a minimal fix until we're done with UMA CCBs. Reviewed By: mav, imp Sponsored by: NetApp, Inc. Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D30298 --- sys/cam/ctl/scsi_ctl.c | 3 +++ sys/cam/scsi/scsi_targ_bh.c | 7 +++++-- sys/cam/scsi/scsi_target.c | 4 +++- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/sys/cam/ctl/scsi_ctl.c b/sys/cam/ctl/scsi_ctl.c index d3023f9a6c8c..8c141a88e155 100644 --- a/sys/cam/ctl/scsi_ctl.c +++ b/sys/cam/ctl/scsi_ctl.c @@ -479,6 +479,7 @@ ctlferegister(struct cam_periph *periph, void *arg) /*getcount_only*/1); } + memset(&ccb, 0, sizeof(ccb)); xpt_setup_ccb(&ccb.ccb_h, periph->path, CAM_PRIORITY_NONE); ccb.ccb_h.func_code = XPT_EN_LUN; ccb.cel.grp6_len = 0; @@ -613,6 +614,7 @@ ctlfeoninvalidate(struct cam_periph *periph) cam_status status; /* Abort all ATIOs and INOTs queued to SIM. */ + memset(&ccb, 0, sizeof(ccb)); xpt_setup_ccb(&ccb.ccb_h, periph->path, CAM_PRIORITY_NONE); ccb.ccb_h.func_code = XPT_ABORT; LIST_FOREACH(hdr, &softc->atio_list, periph_links.le) { @@ -1852,6 +1854,7 @@ ctlfe_dump_queue(struct ctlfe_lun_softc *softc) struct ccb_getdevstats cgds; int num_items; + memset(&cgds, 0, sizeof(cgds)); xpt_setup_ccb(&cgds.ccb_h, periph->path, CAM_PRIORITY_NORMAL); cgds.ccb_h.func_code = XPT_GDEV_STATS; xpt_action((union ccb *)&cgds); diff --git a/sys/cam/scsi/scsi_targ_bh.c b/sys/cam/scsi/scsi_targ_bh.c index 84aa16aa05f4..14edb254a0e5 100644 --- a/sys/cam/scsi/scsi_targ_bh.c +++ b/sys/cam/scsi/scsi_targ_bh.c @@ -241,6 +241,7 @@ targbhenlun(struct cam_periph *periph) if ((softc->flags & TARGBH_FLAG_LUN_ENABLED) != 0) return (CAM_REQ_CMP); + memset(&immed_ccb, 0, sizeof(immed_ccb)); xpt_setup_ccb(&immed_ccb.ccb_h, periph->path, CAM_PRIORITY_NORMAL); immed_ccb.ccb_h.func_code = XPT_EN_LUN; @@ -267,7 +268,7 @@ targbhenlun(struct cam_periph *periph) struct ccb_accept_tio *atio; atio = (struct ccb_accept_tio*)malloc(sizeof(*atio), M_SCSIBH, - M_NOWAIT); + M_ZERO | M_NOWAIT); if (atio == NULL) { status = CAM_RESRC_UNAVAIL; break; @@ -309,7 +310,7 @@ targbhenlun(struct cam_periph *periph) struct ccb_immediate_notify *inot; inot = (struct ccb_immediate_notify*)malloc(sizeof(*inot), - M_SCSIBH, M_NOWAIT); + M_SCSIBH, M_ZERO | M_NOWAIT); if (inot == NULL) { status = CAM_RESRC_UNAVAIL; @@ -350,6 +351,8 @@ targbhdislun(struct cam_periph *periph) if ((softc->flags & TARGBH_FLAG_LUN_ENABLED) == 0) return CAM_REQ_CMP; + memset(&ccb, 0, sizeof(ccb)); + /* XXX Block for Continue I/O completion */ /* Kill off all ACCECPT and IMMEDIATE CCBs */ diff --git a/sys/cam/scsi/scsi_target.c b/sys/cam/scsi/scsi_target.c index b2874f49f13f..b3d0461c1d24 100644 --- a/sys/cam/scsi/scsi_target.c +++ b/sys/cam/scsi/scsi_target.c @@ -363,6 +363,7 @@ targendislun(struct cam_path *path, int enable, int grp6_len, int grp7_len) cam_status status; /* Tell the lun to begin answering selects */ + memset(&en_ccb, 0, sizeof(en_ccb)); xpt_setup_ccb(&en_ccb.ccb_h, path, CAM_PRIORITY_NORMAL); en_ccb.ccb_h.func_code = XPT_EN_LUN; /* Don't need support for any vendor specific commands */ @@ -936,7 +937,7 @@ targgetccb(struct targ_softc *softc, xpt_opcode type, int priority) int ccb_len; ccb_len = targccblen(type); - ccb = malloc(ccb_len, M_TARG, M_NOWAIT); + ccb = malloc(ccb_len, M_TARG, M_NOWAIT | M_ZERO); CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, ("getccb %p\n", ccb)); if (ccb == NULL) { return (ccb); @@ -1033,6 +1034,7 @@ abort_all_pending(struct targ_softc *softc) * Then abort all pending CCBs. * targdone() will return the aborted CCB via user_ccb_queue */ + memset(&cab, 0, sizeof(cab)); xpt_setup_ccb(&cab.ccb_h, softc->path, CAM_PRIORITY_NORMAL); cab.ccb_h.func_code = XPT_ABORT; cab.ccb_h.status = CAM_REQ_CMP_ERR;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202107210953.16L9rPdj069503>