git: 23b90ad00a2a - stable/13 - cam: make sure to clear CCBs allocated on the stack
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 20 Jan 2025 12:42:13 UTC
The branch stable/13 has been updated by zlei:
URL: https://cgit.FreeBSD.org/src/commit/?id=23b90ad00a2a00e4c4fa25b996de79266ae152a6
commit 23b90ad00a2a00e4c4fa25b996de79266ae152a6
Author: Edward Tomasz Napierala <trasz@FreeBSD.org>
AuthorDate: 2021-03-30 18:15:11 +0000
Commit: Zhenlei Huang <zlei@FreeBSD.org>
CommitDate: 2025-01-20 12:39:26 +0000
cam: make sure to clear CCBs allocated on the stack
This is required for small CCBs support, where we need to track
whether the CCB was allocated from an UMA zone or not. There are
no (intended) functional changes with the current source.
Reviewed By: imp
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D29484
(cherry picked from commit 076686fe0703b906a05c9869609dd550bd4ed7ac)
---
sys/cam/cam_periph.c | 6 ++++++
sys/cam/cam_xpt.c | 5 +++++
sys/cam/scsi/scsi_da.c | 3 +++
sys/cam/scsi/scsi_xpt.c | 7 +++++++
4 files changed, 21 insertions(+)
diff --git a/sys/cam/cam_periph.c b/sys/cam/cam_periph.c
index 21abebc416ae..f609e198921a 100644
--- a/sys/cam/cam_periph.c
+++ b/sys/cam/cam_periph.c
@@ -760,6 +760,7 @@ camperiphfree(struct cam_periph *periph)
union ccb ccb;
void *arg;
+ memset(&ccb, 0, sizeof(ccb));
switch (periph->deferred_ac) {
case AC_FOUND_DEVICE:
ccb.ccb_h.func_code = XPT_GDEV_TYPE;
@@ -1333,6 +1334,7 @@ cam_freeze_devq(struct cam_path *path)
struct ccb_hdr ccb_h;
CAM_DEBUG(path, CAM_DEBUG_TRACE, ("cam_freeze_devq\n"));
+ memset(&ccb_h, 0, sizeof(ccb_h));
xpt_setup_ccb(&ccb_h, path, /*priority*/1);
ccb_h.func_code = XPT_NOOP;
ccb_h.flags = CAM_DEV_QFREEZE;
@@ -1348,6 +1350,7 @@ cam_release_devq(struct cam_path *path, u_int32_t relsim_flags,
CAM_DEBUG(path, CAM_DEBUG_TRACE, ("cam_release_devq(%u, %u, %u, %d)\n",
relsim_flags, openings, arg, getcount_only));
+ memset(&crs, 0, sizeof(crs));
xpt_setup_ccb(&crs.ccb_h, path, CAM_PRIORITY_NORMAL);
crs.ccb_h.func_code = XPT_REL_SIMQ;
crs.ccb_h.flags = getcount_only ? CAM_DEV_QFREEZE : 0;
@@ -1472,6 +1475,7 @@ cam_periph_bus_settle(struct cam_periph *periph, u_int bus_settle)
{
struct ccb_getdevstats cgds;
+ memset(&cgds, 0, sizeof(cgds));
xpt_setup_ccb(&cgds.ccb_h, periph->path, CAM_PRIORITY_NORMAL);
cgds.ccb_h.func_code = XPT_GDEV_STATS;
xpt_action((union ccb *)&cgds);
@@ -1543,6 +1547,7 @@ camperiphscsistatuserror(union ccb *ccb, union ccb **orig_ccb,
* First off, find out what the current
* transaction counts are.
*/
+ memset(&cgds, 0, sizeof(cgds));
xpt_setup_ccb(&cgds.ccb_h,
ccb->ccb_h.path,
CAM_PRIORITY_NORMAL);
@@ -1661,6 +1666,7 @@ camperiphscsisenseerror(union ccb *ccb, union ccb **orig,
/*
* Grab the inquiry data for this device.
*/
+ memset(&cgd, 0, sizeof(cgd));
xpt_setup_ccb(&cgd.ccb_h, ccb->ccb_h.path, CAM_PRIORITY_NORMAL);
cgd.ccb_h.func_code = XPT_GDEV_TYPE;
xpt_action((union ccb *)&cgd);
diff --git a/sys/cam/cam_xpt.c b/sys/cam/cam_xpt.c
index 391a5b8ae2a2..25679c705741 100644
--- a/sys/cam/cam_xpt.c
+++ b/sys/cam/cam_xpt.c
@@ -495,6 +495,7 @@ xptdoioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag, struct thread *
* This is an immediate CCB, so it's okay to
* allocate it on the stack.
*/
+ memset(&ccb, 0, sizeof(ccb));
/*
* Create a path using the bus, target, and lun the
@@ -2546,6 +2547,7 @@ xptsetasyncfunc(struct cam_ed *device, void *arg)
if ((device->flags & CAM_DEV_UNCONFIGURED) != 0)
return (1);
+ memset(&cgd, 0, sizeof(cgd));
xpt_compile_path(&path,
NULL,
device->target->bus->path_id,
@@ -5024,6 +5026,7 @@ xpt_start_tags(struct cam_path *path)
sim->max_tagged_dev_openings);
xpt_dev_ccbq_resize(path, newopenings);
xpt_async(AC_GETDEV_CHANGED, path, NULL);
+ memset(&crs, 0, sizeof(crs));
xpt_setup_ccb(&crs.ccb_h, path, CAM_PRIORITY_NORMAL);
crs.ccb_h.func_code = XPT_REL_SIMQ;
crs.release_flags = RELSIM_RELEASE_AFTER_QEMPTY;
@@ -5049,6 +5052,7 @@ xpt_stop_tags(struct cam_path *path)
device->inq_flags &= ~SID_CmdQue;
xpt_dev_ccbq_resize(path, sim->max_dev_openings);
xpt_async(AC_GETDEV_CHANGED, path, NULL);
+ memset(&crs, 0, sizeof(crs));
xpt_setup_ccb(&crs.ccb_h, path, CAM_PRIORITY_NORMAL);
crs.ccb_h.func_code = XPT_REL_SIMQ;
crs.release_flags = RELSIM_RELEASE_AFTER_QEMPTY;
@@ -5206,6 +5210,7 @@ xpt_register_async(int event, ac_callback_t *cbfunc, void *cbarg,
xptpath = 1;
}
+ memset(&csa, 0, sizeof(csa));
xpt_setup_ccb(&csa.ccb_h, path, CAM_PRIORITY_NORMAL);
csa.ccb_h.func_code = XPT_SASYNC_CB;
csa.event_enable = event;
diff --git a/sys/cam/scsi/scsi_da.c b/sys/cam/scsi/scsi_da.c
index 5782d414bd42..2161e3340ff6 100644
--- a/sys/cam/scsi/scsi_da.c
+++ b/sys/cam/scsi/scsi_da.c
@@ -4888,6 +4888,7 @@ dadone_proberc(struct cam_periph *periph, union ccb *done_ccb)
/*timeout*/0,
/*getcount_only*/0);
+ memset(&cgd, 0, sizeof(cgd));
xpt_setup_ccb(&cgd.ccb_h, done_ccb->ccb_h.path,
CAM_PRIORITY_NORMAL);
cgd.ccb_h.func_code = XPT_GDEV_TYPE;
@@ -6133,6 +6134,7 @@ dasetgeom(struct cam_periph *periph, uint32_t block_len, uint64_t maxsector,
* up with something that will make this a bootable
* device.
*/
+ memset(&ccg, 0, sizeof(ccg));
xpt_setup_ccb(&ccg.ccb_h, periph->path, CAM_PRIORITY_NORMAL);
ccg.ccb_h.func_code = XPT_CALC_GEOMETRY;
ccg.block_size = dp->secsize;
@@ -6170,6 +6172,7 @@ dasetgeom(struct cam_periph *periph, uint32_t block_len, uint64_t maxsector,
min(sizeof(softc->rcaplong), rcap_len)) != 0)) {
struct ccb_dev_advinfo cdai;
+ memset(&cdai, 0, sizeof(cdai));
xpt_setup_ccb(&cdai.ccb_h, periph->path, CAM_PRIORITY_NORMAL);
cdai.ccb_h.func_code = XPT_DEV_ADVINFO;
cdai.buftype = CDAI_TYPE_RCAPLONG;
diff --git a/sys/cam/scsi/scsi_xpt.c b/sys/cam/scsi/scsi_xpt.c
index 512d4ad6823a..37d8333e21a8 100644
--- a/sys/cam/scsi/scsi_xpt.c
+++ b/sys/cam/scsi/scsi_xpt.c
@@ -1046,6 +1046,7 @@ proberequestdefaultnegotiation(struct cam_periph *periph)
{
struct ccb_trans_settings cts;
+ memset(&cts, 0, sizeof(cts));
xpt_setup_ccb(&cts.ccb_h, periph->path, CAM_PRIORITY_NONE);
cts.ccb_h.func_code = XPT_GET_TRAN_SETTINGS;
cts.type = CTS_TYPE_USER_SETTINGS;
@@ -2299,6 +2300,7 @@ scsi_scan_lun(struct cam_periph *periph, struct cam_path *path,
CAM_DEBUG(path, CAM_DEBUG_TRACE, ("scsi_scan_lun\n"));
+ memset(&cpi, 0, sizeof(cpi));
xpt_setup_ccb(&cpi.ccb_h, path, CAM_PRIORITY_NONE);
cpi.ccb_h.func_code = XPT_PATH_INQ;
xpt_action((union ccb *)&cpi);
@@ -2425,6 +2427,7 @@ scsi_devise_transport(struct cam_path *path)
struct scsi_inquiry_data *inq_buf;
/* Get transport information from the SIM */
+ memset(&cpi, 0, sizeof(cpi));
xpt_setup_ccb(&cpi.ccb_h, path, CAM_PRIORITY_NONE);
cpi.ccb_h.func_code = XPT_PATH_INQ;
xpt_action((union ccb *)&cpi);
@@ -2485,6 +2488,7 @@ scsi_devise_transport(struct cam_path *path)
*/
/* Tell the controller what we think */
+ memset(&cts, 0, sizeof(cts));
xpt_setup_ccb(&cts.ccb_h, path, CAM_PRIORITY_NONE);
cts.ccb_h.func_code = XPT_SET_TRAN_SETTINGS;
cts.type = CTS_TYPE_CURRENT_SETTINGS;
@@ -2747,6 +2751,7 @@ scsi_set_transfer_settings(struct ccb_trans_settings *cts, struct cam_path *path
* Perform sanity checking against what the
* controller and device can do.
*/
+ memset(&cur_cts, 0, sizeof(cur_cts));
xpt_setup_ccb(&cur_cts.ccb_h, path, CAM_PRIORITY_NONE);
cur_cts.ccb_h.func_code = XPT_GET_TRAN_SETTINGS;
cur_cts.type = cts->type;
@@ -2930,6 +2935,7 @@ scsi_toggle_tags(struct cam_path *path)
&& (dev->inq_flags & (SID_Sync|SID_WBus16|SID_WBus32)) != 0)) {
struct ccb_trans_settings cts;
+ memset(&cts, 0, sizeof(cts));
xpt_setup_ccb(&cts.ccb_h, path, CAM_PRIORITY_NONE);
cts.protocol = PROTO_SCSI;
cts.protocol_version = PROTO_VERSION_UNSPECIFIED;
@@ -3037,6 +3043,7 @@ _scsi_announce_periph(struct cam_periph *periph, u_int *speed, u_int *freq, stru
return;
/* Ask the SIM for its base transfer speed */
+ memset(&cpi, 0, sizeof(cpi));
xpt_setup_ccb(&cpi.ccb_h, path, CAM_PRIORITY_NORMAL);
cpi.ccb_h.func_code = XPT_PATH_INQ;
xpt_action((union ccb *)&cpi);