Fix a scribbler in the PMS driver.

The ESGL bit was left uninitialized when executing the REPORT LUNS ioctl. This could allow a zeroed data buffer to be treated as a scatter/gather list. The firmware would eventually walk past the end of the data buffer, potentially find what looked like a valid address/length pair, and write the result to semi-random memory. Obtained from: Dell EMC Isilon MFC after: 1 week Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19398
svn path=/head/; revision=345009
2019-03-11 14:26:45 +00:00 · 2019-03-11 14:26:45 +00:00 · 2fb6802f27 · 2020-12-20 02:59:44 +00:00
commit 2fb6802f27
parent 6f9dbc0e6e
1 changed files with 3 additions and 1 deletions
--- a/sys/dev/pms/RefTisa/tisa/sassata/sas/ini/itdio.c
+++ b/sys/dev/pms/RefTisa/tisa/sassata/sas/ini/itdio.c
@ -1874,7 +1874,9 @@ tiNumOfLunIOCTLreq(
      
    agSSPFrame->dataLength = REPORT_LUN_LEN;
    agSSPFrame->agSgl.len =	sizeof(agsaSSPCmdInfoUnit_t);
-    
+    agSSPFrame->agSgl.extReserved = 0;
+    CLEAR_ESGL_EXTEND(agSSPFrame->agSgl.extReserved);
+
    status = saSSPStart(agRoot, agIORequest, 0, agDevHandle, agRequestType,agSASRequestBody,agNULL,
    										   &ossaSSPIoctlCompleted);
    if(status != AGSA_RC_SUCCESS)