svn commit: r308451 - in head/sys/cam: . scsi

Conrad E. Meyer cem at FreeBSD.org
Tue Nov 8 21:17:26 UTC 2016 

Author: cem
Date: Tue Nov  8 21:17:24 2016
New Revision: 308451
URL: https://svnweb.freebsd.org/changeset/base/308451

Log:
  cam: Zero bio pointer in user-supplied SCSI CCBs
  
  The BUF_TRACKING bio pointer only makes sense for kernel consumers of
  CCBs.
  
  PR:		214250
  Reported by:	trasz@
  Reviewed by:	imp@, markj@
  Sponsored by:	Dell EMC Isilon
  Differential Revision:	https://reviews.freebsd.org/D8477

Modified:
  head/sys/cam/cam_xpt.c
  head/sys/cam/scsi/scsi_pass.c

Modified: head/sys/cam/cam_xpt.c
==============================================================================
--- head/sys/cam/cam_xpt.c	Tue Nov  8 21:15:50 2016	(r308450)
+++ head/sys/cam/cam_xpt.c	Tue Nov  8 21:17:24 2016	(r308451)
@@ -414,6 +414,10 @@ xptdoioctl(struct cdev *dev, u_long cmd,
 		struct cam_eb *bus;
 
 		inccb = (union ccb *)addr;
+#if defined(BUF_TRACKING) || defined(FULL_BUF_TRACKING)
+		if (inccb->ccb_h.func_code == XPT_SCSI_IO)
+			inccb->csio.bio = NULL;
+#endif
 
 		bus = xpt_find_bus(inccb->ccb_h.path_id);
 		if (bus == NULL)
@@ -593,6 +597,10 @@ xptdoioctl(struct cdev *dev, u_long cmd,
 		unit = ccb->cgdl.unit_number;
 		name = ccb->cgdl.periph_name;
 		base_periph_found = 0;
+#if defined(BUF_TRACKING) || defined(FULL_BUF_TRACKING)
+		if (ccb->ccb_h.func_code == XPT_SCSI_IO)
+			ccb->csio.bio = NULL;
+#endif
 
 		/*
 		 * Sanity check -- make sure we don't get a null peripheral

Modified: head/sys/cam/scsi/scsi_pass.c
==============================================================================
--- head/sys/cam/scsi/scsi_pass.c	Tue Nov  8 21:15:50 2016	(r308450)
+++ head/sys/cam/scsi/scsi_pass.c	Tue Nov  8 21:17:24 2016	(r308451)
@@ -1777,6 +1777,10 @@ passdoioctl(struct cdev *dev, u_long cmd
 		int ccb_malloced;
 
 		inccb = (union ccb *)addr;
+#if defined(BUF_TRACKING) || defined(FULL_BUF_TRACKING)
+		if (inccb->ccb_h.func_code == XPT_SCSI_IO)
+			inccb->csio.bio = NULL;
+#endif
 
 		/*
 		 * Some CCB types, like scan bus and scan lun can only go
@@ -1875,6 +1879,10 @@ passdoioctl(struct cdev *dev, u_long cmd
 			cam_periph_lock(periph);
 			break;
 		}
+#if defined(BUF_TRACKING) || defined(FULL_BUF_TRACKING)
+		if (ccb->ccb_h.func_code == XPT_SCSI_IO)
+			ccb->csio.bio = NULL;
+#endif
 
 		if (ccb->ccb_h.flags & CAM_CDB_POINTER) {
 			if (ccb->csio.cdb_len > IOCDBLEN) {

More information about the svn-src-head mailing list