The hpt{nr,rr} ioctl handler allocates a buffer without M_ZERO and calls
hpt_do_ioctl(), which might not overwrite the entire buffer.
Also zero bytesReturned in case it is not written by hpt_do_ioctl().
The hpt27{nr,rr} device has permissions only for root so this is not urgent,
and the fix can be MFCd and considered for a future EN.
The same issue was reported in the hpt27xx driver by Ilja Van Sprundel.
Reviewed by: jhb, kib
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
costly PCI config space operations that slows down systems without the
hardware.
Many thanks to HighPoint for continued support of FreeBSD!
Submitted by: Steve Chang
Reported by: cperciva
MFC after: 2 weeks
The hpt27xx(4), hptnr(4), and hptrr(4) drivers declare MIN() and MAX()
internally which match the macros from sys/param.h.
MIN() is not used, MAX is only used once and can be replaced with the
max() version in libkern.h which operates on u_ints.
MFC after: 2 weeks
The sim_vid, hba_vid, and dev_name fields of struct ccb_pathinq are
fixed-length strings. AFAICT the only place they're read is in
sbin/camcontrol/camcontrol.c, which assumes they'll be null-terminated.
However, the kernel doesn't null-terminate them. A bunch of copy-pasted code
uses strncpy to write them, and doesn't guarantee null-termination. For at
least 4 drivers (mpr, mps, ciss, and hyperv), the hba_vid field actually
overflows. You can see the result by doing "camcontrol negotiate da0 -v".
This change null-terminates those fields everywhere they're set in the
kernel. It also shortens a few strings to ensure they'll fit within the
16-character field.
PR: 215474
Reported by: Coverity
CID: 1009997 1010000 1010001 1010002 1010003 1010004 1010005
CID: 1331519 1010006 1215097 1010007 1288967 1010008 1306000
CID: 1211924 1010009 1010010 1010011 1010012 1010013 1010014
CID: 1147190 1010017 1010016 1010018 1216435 1010020 1010021
CID: 1010022 1009666 1018185 1010023 1010025 1010026 1010027
CID: 1010028 1010029 1010030 1010031 1010033 1018186 1018187
CID: 1010035 1010036 1010042 1010041 1010040 1010039
Reviewed by: imp, sephe, slm
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D9037
Differential Revision: https://reviews.freebsd.org/D9038
Most of these are BARs, and we allocate them in their entirety. The one outlier
in this is amdsbwd, which calls bus_set_resource() prior.
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D5370 (partial)
v1.1.4 2015-06-09
* Fix a bug that FailLED was not initialized properly.
v1.1.3 2015-05-19
* Support Report Luns command.
v1.1.2 2015-05-05
* Fix a bug that report wrong physical sector size for 512e HDD.
Many thanks to HighPoint for continued support of FreeBSD!
This driver update is intended for 10.2-RELEASE.
Submitted by: Steve Chang
MFC after: 3 days
v1.1.1 2015-03-26
* Support 4Kn drive.
* Change the SCSI target ID of the disk to be the index of physical
connetion to the HBA.
* Support staggered drive spin up.
* Fix a bug that command would be timeout because of improper
interrupt service routine.
* Error handling to avoid scsi command lost which caused system
hang up.
* Fix a bug that fail to get the devcie's serial number via
FreeNAS WebGUI.
Many thanks to HighPoint for continued support of FreeBSD!
MFC after: 2 weeks
Previously, any timeout value for which (timeout * hz) will overflow the
signed integer, will give weird results, since callout(9) routines will
convert negative values of ticks to '1'. For unsigned integer overflow we
will get sufficiently smaller timeout values than expected.
Switch from callout_reset, which requires conversion to int based ticks
to callout_reset_sbt to avoid this.
Also correct isci to correctly resolve ccb timeout.
This was based on the original work done by Eygene Ryabinkin
<rea@freebsd.org> back in 5 Aug 2011 which used a macro to help avoid
the overlow.
Differential Revision: https://reviews.freebsd.org/D1157
Reviewed by: mav, davide
MFC after: 1 month
Sponsored by: Multiplay
v1.0.1 2014-8-19
* Do not retry the command and reset the disk when failed to enable or
disable spin up feature.
* Fix up a bug that disk failed to probe if driver failed to access the
10th LBA.
* Fix a bug that request timeout but it has been completed in certain
cases.
* Support smartmontool for R750.
Many thanks to HighPoint for continued support of FreeBSD!
MFC after: 3 days
- Use the existing vbus locks instead of Giant for the CAM sim lock.
- Use callout(9) instead of timeout(9).
- Mark the interrupt handler MPSAFE.
- Don't attempt to pass data in the softc from probe() to attach().
- Remove compat shims for FreeBSD versions older than 8.0.
Reviewed by: Steve Chang <ychang@highpoint-tech.com>
original, this hides the contents of cam_compat.h from ktrace/kdump/truss,
avoiding problems there. There are no user-servicable parts in there, so
no need for those tools to be groping around in there.
Approved by: re
- Remove the timeout_ch field. It's been deprecated since FreeBSD 7.0;
MPSAFE drivers should be managing their own timeout storage. The
remaining non-MPSAFE drivers have been modified to also manage their own
storage, and should be considered for updating to MPSAFE (or removal)
during the FreeBSD 10.x lifecycle.
- Add fields related to soft timeouts and quality of service, to be used
in upcoming work.
- Add room for more flags in the CCB header and path_inq structures.
- Begin support for extended 64-bit LUNs.
- Bump the CAM version number to 0x18, but add compat shims. Tested with
camcontrol and smartctl.
Reviewed by: nathanw, ken, kib
Approved by: re
Obtained from: Netflix
MFprojects/camlock r248982:
Stop abusing xpt_periph in random plases that really have no periph related
to CCB, for example, bus scanning. NULL value is fine in such cases and it
is correctly logged in debug messages as "noperiph". If at some point we
need some real XPT periphs (alike to pmpX now), quite likely they will be
per-bus, and not a single global instance as xpt_periph now.