From 8cc6481cd50345ce3742f4fa440764db51d75614 Mon Sep 17 00:00:00 2001
From: Alexander Motin <mav@FreeBSD.org>
Date: Thu, 11 Oct 2012 15:21:07 +0000
Subject: [PATCH] Increase device CCB queue array size by CAM_RL_VALUES - 1 (4)
 elements. It is required to store extra recovery requests in case of bus
 resets. On ATA/SATA this fixes assertion panics on HEAD with INVARIANTS
 enabled or possible memory corruptions otherwise if timeout/reset happens
 when device CCB queue is already full.

Reported by:	gibbs@
MFC after:	1 week
---
 sys/cam/cam_queue.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/sys/cam/cam_queue.c b/sys/cam/cam_queue.c
index 3f4ffec084f4..359e7f491e8c 100644
--- a/sys/cam/cam_queue.c
+++ b/sys/cam/cam_queue.c
@@ -314,7 +314,8 @@ cam_ccbq_resize(struct cam_ccbq *ccbq, int new_size)
 	 * same size once the outstanding entries have been processed.
 	 */
 	if (space_left < 0
-	 || camq_resize(&ccbq->queue, new_size) == CAM_REQ_CMP) {
+	 || camq_resize(&ccbq->queue, new_size + (CAM_RL_VALUES - 1)) ==
+	    CAM_REQ_CMP) {
 		ccbq->devq_openings += delta;
 		ccbq->dev_openings += delta;
 		return (CAM_REQ_CMP);
@@ -327,7 +328,7 @@ int
 cam_ccbq_init(struct cam_ccbq *ccbq, int openings)
 {
 	bzero(ccbq, sizeof(*ccbq));
-	if (camq_init(&ccbq->queue, openings) != 0) {
+	if (camq_init(&ccbq->queue, openings + (CAM_RL_VALUES - 1)) != 0) {
 		return (1);
 	}
 	ccbq->devq_openings = openings;