git: 616a676a0535 - main - cam: clear stack-allocated CCB in the target layer

Edward Tomasz Napierala trasz at FreeBSD.org
Wed Jul 21 09:53:25 UTC 2021 

The branch main has been updated by trasz:

URL: https://cgit.FreeBSD.org/src/commit/?id=616a676a0535eca78ce6b02a6226d0bcb69d7d4e

commit 616a676a0535eca78ce6b02a6226d0bcb69d7d4e
Author:     Edward Tomasz Napierala <trasz at FreeBSD.org>
AuthorDate: 2021-07-21 09:18:15 +0000
Commit:     Edward Tomasz Napierala <trasz at FreeBSD.org>
CommitDate: 2021-07-21 09:18:28 +0000

    cam: clear stack-allocated CCB in the target layer
    
    Note that, as pointed out by scottl@, this code should really look
    a bit different, in that the stack allocations should be replaced
    with dynamic allocation, and the periph creation should be moved
    to a context where one can use M_WAITOK.  See the review for more
    details.  For now let's go with a minimal fix until we're done with
    UMA CCBs.
    
    Reviewed By:    mav, imp
    Sponsored by:   NetApp, Inc.
    Sponsored by:   Klara, Inc.
    Differential Revision:  https://reviews.freebsd.org/D30298
---
 sys/cam/ctl/scsi_ctl.c      | 3 +++
 sys/cam/scsi/scsi_targ_bh.c | 7 +++++--
 sys/cam/scsi/scsi_target.c  | 4 +++-
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/sys/cam/ctl/scsi_ctl.c b/sys/cam/ctl/scsi_ctl.c
index d3023f9a6c8c..8c141a88e155 100644
--- a/sys/cam/ctl/scsi_ctl.c
+++ b/sys/cam/ctl/scsi_ctl.c
@@ -479,6 +479,7 @@ ctlferegister(struct cam_periph *periph, void *arg)
 		    /*getcount_only*/1);
 	}
 
+	memset(&ccb, 0, sizeof(ccb));
 	xpt_setup_ccb(&ccb.ccb_h, periph->path, CAM_PRIORITY_NONE);
 	ccb.ccb_h.func_code = XPT_EN_LUN;
 	ccb.cel.grp6_len = 0;
@@ -613,6 +614,7 @@ ctlfeoninvalidate(struct cam_periph *periph)
 	cam_status status;
 
 	/* Abort all ATIOs and INOTs queued to SIM. */
+	memset(&ccb, 0, sizeof(ccb));
 	xpt_setup_ccb(&ccb.ccb_h, periph->path, CAM_PRIORITY_NONE);
 	ccb.ccb_h.func_code = XPT_ABORT;
 	LIST_FOREACH(hdr, &softc->atio_list, periph_links.le) {
@@ -1852,6 +1854,7 @@ ctlfe_dump_queue(struct ctlfe_lun_softc *softc)
 	struct ccb_getdevstats cgds;
 	int num_items;
 
+	memset(&cgds, 0, sizeof(cgds));
 	xpt_setup_ccb(&cgds.ccb_h, periph->path, CAM_PRIORITY_NORMAL);
 	cgds.ccb_h.func_code = XPT_GDEV_STATS;
 	xpt_action((union ccb *)&cgds);
diff --git a/sys/cam/scsi/scsi_targ_bh.c b/sys/cam/scsi/scsi_targ_bh.c
index 84aa16aa05f4..14edb254a0e5 100644
--- a/sys/cam/scsi/scsi_targ_bh.c
+++ b/sys/cam/scsi/scsi_targ_bh.c
@@ -241,6 +241,7 @@ targbhenlun(struct cam_periph *periph)
 	if ((softc->flags & TARGBH_FLAG_LUN_ENABLED) != 0)
 		return (CAM_REQ_CMP);
 
+	memset(&immed_ccb, 0, sizeof(immed_ccb));
 	xpt_setup_ccb(&immed_ccb.ccb_h, periph->path, CAM_PRIORITY_NORMAL);
 	immed_ccb.ccb_h.func_code = XPT_EN_LUN;
 
@@ -267,7 +268,7 @@ targbhenlun(struct cam_periph *periph)
 		struct ccb_accept_tio *atio;
 
 		atio = (struct ccb_accept_tio*)malloc(sizeof(*atio), M_SCSIBH,
-						      M_NOWAIT);
+						      M_ZERO | M_NOWAIT);
 		if (atio == NULL) {
 			status = CAM_RESRC_UNAVAIL;
 			break;
@@ -309,7 +310,7 @@ targbhenlun(struct cam_periph *periph)
 		struct ccb_immediate_notify *inot;
 
 		inot = (struct ccb_immediate_notify*)malloc(sizeof(*inot),
-			    M_SCSIBH, M_NOWAIT);
+			    M_SCSIBH, M_ZERO | M_NOWAIT);
 
 		if (inot == NULL) {
 			status = CAM_RESRC_UNAVAIL;
@@ -350,6 +351,8 @@ targbhdislun(struct cam_periph *periph)
 	if ((softc->flags & TARGBH_FLAG_LUN_ENABLED) == 0)
 		return CAM_REQ_CMP;
 
+	memset(&ccb, 0, sizeof(ccb));
+
 	/* XXX Block for Continue I/O completion */
 
 	/* Kill off all ACCECPT and IMMEDIATE CCBs */
diff --git a/sys/cam/scsi/scsi_target.c b/sys/cam/scsi/scsi_target.c
index b2874f49f13f..b3d0461c1d24 100644
--- a/sys/cam/scsi/scsi_target.c
+++ b/sys/cam/scsi/scsi_target.c
@@ -363,6 +363,7 @@ targendislun(struct cam_path *path, int enable, int grp6_len, int grp7_len)
 	cam_status	  status;
 
 	/* Tell the lun to begin answering selects */
+	memset(&en_ccb, 0, sizeof(en_ccb));
 	xpt_setup_ccb(&en_ccb.ccb_h, path, CAM_PRIORITY_NORMAL);
 	en_ccb.ccb_h.func_code = XPT_EN_LUN;
 	/* Don't need support for any vendor specific commands */
@@ -936,7 +937,7 @@ targgetccb(struct targ_softc *softc, xpt_opcode type, int priority)
 	int ccb_len;
 
 	ccb_len = targccblen(type);
-	ccb = malloc(ccb_len, M_TARG, M_NOWAIT);
+	ccb = malloc(ccb_len, M_TARG, M_NOWAIT | M_ZERO);
 	CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, ("getccb %p\n", ccb));
 	if (ccb == NULL) {
 		return (ccb);
@@ -1033,6 +1034,7 @@ abort_all_pending(struct targ_softc *softc)
 	 * Then abort all pending CCBs.
 	 * targdone() will return the aborted CCB via user_ccb_queue
 	 */
+	memset(&cab, 0, sizeof(cab));
 	xpt_setup_ccb(&cab.ccb_h, softc->path, CAM_PRIORITY_NORMAL);
 	cab.ccb_h.func_code = XPT_ABORT;
 	cab.ccb_h.status = CAM_REQ_CMP_ERR;

More information about the dev-commits-src-all mailing list