Make sure we check for CAM_CDB_POINTER for all drivers. Also, for the drivers I've touched, filter out CAM_CDB_PHYS.

Differential Revision: https://reviews.freebsd.org/D5585
Warner Losh 2016-03-15 05:17:29 +00:00
parent 225e4b4296
commit 4aa947cb70
7 changed files with 64 additions and 30 deletions


@ -725,6 +725,13 @@ struct ccb_scsiio {
u_int init_id; /* initiator id of who selected */
};
static __inline uint8_t *
scsiio_cdb_ptr(struct ccb_scsiio *ccb)
{
return ((ccb->ccb_h.flags & CAM_CDB_POINTER) ?
ccb->cdb_io.cdb_ptr : ccb->cdb_io.cdb_bytes);
}
/*
* ATA I/O Request CCB used for the XPT_ATA_IO function code.
*/
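Review bot: `scsiio_cdb_ptr()` carries no comment saying that its result is only dereferenceable when `CAM_CDB_PHYS` is clear. With `CAM_CDB_POINTER` and `CAM_CDB_PHYS` both set it returns `cdb_ptr` unchanged, and the driver comments elsewhere in this commit treat that case as a physical address. A header comment such as `/* Return the CDB bytes for this CCB; callers must reject CAM_CDB_PHYS before dereferencing the result. */` would put the contract next to the helper, so drivers that adopt it later do not skip the filter.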


@ -872,7 +872,7 @@ static void arcmsr_srb_timeout(void *arg)
ARCMSR_LOCK_ACQUIRE(&acb->isr_lock);
if(srb->srb_state == ARCMSR_SRB_START)
{
cmd = srb->pccb->csio.cdb_io.cdb_bytes[0];
cmd = scsiio_cdb_ptr(&srb->pccb->csio)[0];
srb->srb_state = ARCMSR_SRB_TIMEOUT;
srb->pccb->ccb_h.status |= CAM_CMD_TIMEOUT;
arcmsr_srb_complete(srb, 1);
@ -997,7 +997,7 @@ static void arcmsr_build_srb(struct CommandControlBlock *srb,
arcmsr_cdb->LUN = pccb->ccb_h.target_lun;
arcmsr_cdb->Function = 1;
arcmsr_cdb->CdbLength = (u_int8_t)pcsio->cdb_len;
bcopy(pcsio->cdb_io.cdb_bytes, arcmsr_cdb->Cdb, pcsio->cdb_len);
bcopy(scsiio_cdb_ptr(pcsio), arcmsr_cdb->Cdb, pcsio->cdb_len);
if(nseg != 0) {
struct AdapterControlBlock *acb = srb->acb;
bus_dmasync_op_t op;
@ -2453,10 +2453,11 @@ static int arcmsr_iop_message_xfer(struct AdapterControlBlock *acb, union ccb *p
struct CMD_MESSAGE_FIELD *pcmdmessagefld;
int retvalue = 0, transfer_len = 0;
char *buffer;
u_int32_t controlcode = (u_int32_t ) pccb->csio.cdb_io.cdb_bytes[5] << 24 |
(u_int32_t ) pccb->csio.cdb_io.cdb_bytes[6] << 16 |
(u_int32_t ) pccb->csio.cdb_io.cdb_bytes[7] << 8 |
(u_int32_t ) pccb->csio.cdb_io.cdb_bytes[8];
uint8_t *ptr = scsiio_cdb_ptr(&pccb->csio);
u_int32_t controlcode = (u_int32_t ) ptr[5] << 24 |
(u_int32_t ) ptr[6] << 16 |
(u_int32_t ) ptr[7] << 8 |
(u_int32_t ) ptr[8];
/* 4 bytes: Areca io control code */
if ((pccb->ccb_h.flags & CAM_DATA_MASK) == CAM_DATA_VADDR) {
buffer = pccb->csio.data_ptr;
@ -2683,7 +2684,7 @@ static void arcmsr_execute_srb(void *arg, bus_dma_segment_t *dm_segs, int nseg,
if(acb->devstate[target][lun] == ARECA_RAID_GONE) {
u_int8_t block_cmd, cmd;
cmd = pccb->csio.cdb_io.cdb_bytes[0];
cmd = scsiio_cdb_ptr(&pccb->csio)[0];
block_cmd = cmd & 0x0f;
if(block_cmd == 0x08 || block_cmd == 0x0a) {
printf("arcmsr%d:block 'read/write' command "
@ -2800,7 +2801,7 @@ static void arcmsr_handle_virtual_command(struct AdapterControlBlock *acb,
return;
}
pccb->ccb_h.status |= CAM_REQ_CMP;
switch (pccb->csio.cdb_io.cdb_bytes[0]) {
switch (scsiio_cdb_ptr(&pccb->csio)[0]) {
case INQUIRY: {
unsigned char inqdata[36];
char *buffer = pccb->csio.data_ptr;
@ -2853,6 +2854,12 @@ static void arcmsr_action(struct cam_sim *psim, union ccb *pccb)
int target = pccb->ccb_h.target_id;
int error;
if (pccb->ccb_h.flags & CAM_CDB_PHYS) {
pccb->ccb_h.status = CAM_REQ_INVALID;
xpt_done(pccb);
return;
}
if(target == 16) {
/* virtual device for iop message transfer */
arcmsr_handle_virtual_command(acb, pccb);
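Review bot: In `arcmsr_iop_message_xfer` the control code is decoded from `ptr[5]` through `ptr[8]` with no visible check that `pccb->csio.cdb_len` is at least 9. That was harmless while the bytes always came from the inline `cdb_bytes` array, but with `CAM_CDB_POINTER` the buffer behind `cdb_ptr` is presumably only `cdb_len` bytes long, so a short CDB could cause a read past its end. The request should be failed before the decode when `pccb->csio.cdb_len < 9`. Likewise `bcopy(scsiio_cdb_ptr(pcsio), arcmsr_cdb->Cdb, pcsio->cdb_len)` in `arcmsr_build_srb` shows no bound of `cdb_len` against the size of `arcmsr_cdb->Cdb`. Both functions continue outside their hunks, so a check may exist out of view.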


@ -744,9 +744,9 @@ gdt_next(struct gdt_softc *gdt)
ccb->ccb_h.flags));
csio = &ccb->csio;
ccbh = &ccb->ccb_h;
cmd = csio->cdb_io.cdb_bytes[0];
/* Max CDB length is 12 bytes */
if (csio->cdb_len > 12) {
cmd = scsiio_cdb_ptr(csio)[0];
/* Max CDB length is 12 bytes, can't be phys addr */
if (csio->cdb_len > 12 || (ccbh->flags & CAM_CDB_PHYS)) {
ccbh->status = CAM_REQ_INVALID;
--gdt_stat.io_count_act;
xpt_done(ccb);
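Review bot: `cmd = scsiio_cdb_ptr(csio)[0];` dereferences the CDB pointer before the `CAM_CDB_PHYS` test in the `if` that follows it. A CCB with `CAM_CDB_POINTER` and `CAM_CDB_PHYS` both set therefore has its physical address read as a virtual one before the request is rejected. Moving the assignment below the rejection block keeps the filter ahead of the first access. `gdt_next` continues outside the hunk, so the first use of `cmd` is not visible here.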


@ -740,6 +740,11 @@ void isci_action(struct cam_sim *sim, union ccb *ccb)
}
break;
case XPT_SCSI_IO:
if (ccb->ccb_h.flags & CAM_CDB_PHYS) {
ccb->ccb_h.status = CAM_REQ_INVALID;
xpt_done(ccb);
break;
}
isci_io_request_execute_scsi_io(ccb, controller);
break;
#if __FreeBSD_version >= 900026
@ -802,6 +807,7 @@ isci_controller_release_queued_ccbs(struct ISCI_CONTROLLER *controller)
{
struct ISCI_REMOTE_DEVICE *dev;
struct ccb_hdr *ccb_h;
uint8_t *ptr;
int dev_idx;
KASSERT(mtx_owned(&controller->lock), ("controller lock not owned"));
@ -821,8 +827,8 @@ isci_controller_release_queued_ccbs(struct ISCI_CONTROLLER *controller)
if (ccb_h == NULL)
continue;
isci_log_message(1, "ISCI", "release %p %x\n", ccb_h,
((union ccb *)ccb_h)->csio.cdb_io.cdb_bytes[0]);
ptr = scsiio_cdb_ptr(&((union ccb *)ccb_h)->csio);
isci_log_message(1, "ISCI", "release %p %x\n", ccb_h, *ptr);
dev->queued_ccb_in_progress = (union ccb *)ccb_h;
isci_io_request_execute_scsi_io(


@ -86,6 +86,7 @@ isci_io_request_complete(SCI_CONTROLLER_HANDLE_T scif_controller,
struct ISCI_REMOTE_DEVICE *isci_remote_device;
union ccb *ccb;
BOOL complete_ccb;
struct ccb_scsiio *csio;
complete_ccb = TRUE;
isci_controller = (struct ISCI_CONTROLLER *) sci_object_get_association(scif_controller);
@ -93,7 +94,7 @@ isci_io_request_complete(SCI_CONTROLLER_HANDLE_T scif_controller,
(struct ISCI_REMOTE_DEVICE *) sci_object_get_association(remote_device);
ccb = isci_request->ccb;
csio = &ccb->csio;
ccb->ccb_h.status &= ~CAM_STATUS_MASK;
switch (completion_status) {
@ -124,7 +125,6 @@ isci_io_request_complete(SCI_CONTROLLER_HANDLE_T scif_controller,
SCI_SSP_RESPONSE_IU_T * response_buffer;
uint32_t sense_length;
int error_code, sense_key, asc, ascq;
struct ccb_scsiio *csio = &ccb->csio;
response_buffer = (SCI_SSP_RESPONSE_IU_T *)
scif_io_request_get_response_iu_address(
@ -146,7 +146,7 @@ isci_io_request_complete(SCI_CONTROLLER_HANDLE_T scif_controller,
isci_log_message(1, "ISCI",
"isci: bus=%x target=%x lun=%x cdb[0]=%x status=%x key=%x asc=%x ascq=%x\n",
ccb->ccb_h.path_id, ccb->ccb_h.target_id,
ccb->ccb_h.target_lun, csio->cdb_io.cdb_bytes[0],
ccb->ccb_h.target_lun, scsiio_cdb_ptr(csio),
csio->scsi_status, sense_key, asc, ascq);
break;
}
@ -157,7 +157,7 @@ isci_io_request_complete(SCI_CONTROLLER_HANDLE_T scif_controller,
isci_log_message(0, "ISCI",
"isci: bus=%x target=%x lun=%x cdb[0]=%x remote device reset required\n",
ccb->ccb_h.path_id, ccb->ccb_h.target_id,
ccb->ccb_h.target_lun, ccb->csio.cdb_io.cdb_bytes[0]);
ccb->ccb_h.target_lun, scsiio_cdb_ptr(csio));
break;
case SCI_IO_FAILURE_TERMINATED:
@ -165,7 +165,7 @@ isci_io_request_complete(SCI_CONTROLLER_HANDLE_T scif_controller,
isci_log_message(0, "ISCI",
"isci: bus=%x target=%x lun=%x cdb[0]=%x terminated\n",
ccb->ccb_h.path_id, ccb->ccb_h.target_id,
ccb->ccb_h.target_lun, ccb->csio.cdb_io.cdb_bytes[0]);
ccb->ccb_h.target_lun, scsiio_cdb_ptr(csio));
break;
case SCI_IO_FAILURE_INVALID_STATE:
@ -208,7 +208,7 @@ isci_io_request_complete(SCI_CONTROLLER_HANDLE_T scif_controller,
isci_log_message(1, "ISCI",
"isci: bus=%x target=%x lun=%x cdb[0]=%x completion status=%x\n",
ccb->ccb_h.path_id, ccb->ccb_h.target_id,
ccb->ccb_h.target_lun, ccb->csio.cdb_io.cdb_bytes[0],
ccb->ccb_h.target_lun, scsiio_cdb_ptr(csio),
completion_status);
ccb->ccb_h.status |= CAM_REQ_CMP_ERR;
break;
@ -285,13 +285,13 @@ isci_io_request_complete(SCI_CONTROLLER_HANDLE_T scif_controller,
* get a ready notification for this device.
*/
isci_log_message(1, "ISCI", "already queued %p %x\n",
ccb, ccb->csio.cdb_io.cdb_bytes[0]);
ccb, scsiio_cdb_ptr(csio));
isci_remote_device->queued_ccb_in_progress = NULL;
} else {
isci_log_message(1, "ISCI", "queue %p %x\n", ccb,
ccb->csio.cdb_io.cdb_bytes[0]);
scsiio_cdb_ptr(csio));
ccb->ccb_h.status |= CAM_SIM_QUEUED;
TAILQ_INSERT_TAIL(&isci_remote_device->queued_ccbs,
@ -373,7 +373,7 @@ scif_cb_io_request_get_cdb_address(void * scif_user_io_request)
struct ISCI_IO_REQUEST *isci_request =
(struct ISCI_IO_REQUEST *)scif_user_io_request;
return (isci_request->ccb->csio.cdb_io.cdb_bytes);
return (scsiio_cdb_ptr(&isci_request->ccb->csio));
}
/**
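Review bot: The `isci_log_message` calls in `isci_io_request_complete` now pass `scsiio_cdb_ptr(csio)`, a `uint8_t *`, to the `cdb[0]=%x` and `%x` conversions that previously received the first CDB byte. They will log part of a kernel address instead of the opcode, and the argument type no longer matches the format. Each of these arguments should be the byte itself, `scsiio_cdb_ptr(csio)[0]`, as the `isci_controller_release_queued_ccbs` change does with `*ptr`. The same substitution appears in the `VP0_DEBUG` `device_printf` in `vpo_action`, where `scsiio_cdb_ptr(csio)` is passed to `0x%x`.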


@ -3859,6 +3859,16 @@ ncr_action (struct cam_sim *sim, union ccb *ccb)
tp = &np->target[ccb->ccb_h.target_id];
csio = &ccb->csio;
/*
* Make sure we support this request. We can't do
* PHYS pointers.
*/
if (ccb->ccb_h.flags & CAM_CDB_PHYS) {
ccb->ccb_h.status = CAM_REQ_INVALID;
xpt_done(ccb);
return;
}
/*
* Last time we need to check if this CCB needs to
* be aborted.
@ -4070,8 +4080,7 @@ ncr_action (struct cam_sim *sim, union ccb *ccb)
/*
** command
*/
/* XXX JGibbs - Support other command types */
cp->phys.cmd.addr = vtophys (csio->cdb_io.cdb_bytes);
cp->phys.cmd.addr = vtophys (scsiio_cdb_ptr(csio));
cp->phys.cmd.size = csio->cdb_len;
/*
** sense command
@ -4083,7 +4092,6 @@ ncr_action (struct cam_sim *sim, union ccb *ccb)
*/
cp->sensecmd[0] = 0x03;
cp->sensecmd[1] = ccb->ccb_h.target_lun << 5;
cp->sensecmd[4] = sizeof(struct scsi_sense_data);
cp->sensecmd[4] = csio->sense_len;
/*
** sense data
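Review bot: `cp->phys.cmd.addr = vtophys (scsiio_cdb_ptr(csio));` now gives the chip the physical address of whatever buffer the submitter's `cdb_ptr` refers to, and `vtophys` translates only the address of the first byte. If that buffer crosses a page boundary, the `cdb_len` bytes are not guaranteed to be physically contiguous, and nothing in the hunk shows that the buffer stays valid until the command completes. Copying the CDB into storage owned by the driver's control block and pointing `cmd.addr` there would remove the dependency on the caller's buffer. At minimum a comment such as `/* cdb_ptr buffer must be physically contiguous and live until completion */` should record the assumption. `ncr_action` extends beyond both hunks, so handling elsewhere in the function is not visible.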


@ -187,17 +187,19 @@ vpo_intr(struct vpo_data *vpo, struct ccb_scsiio *csio)
#ifdef VP0_DEBUG
int i;
#endif
uint8_t *ptr;
ptr = scsiio_cdb_ptr(csio);
if (vpo->vpo_isplus) {
errno = imm_do_scsi(&vpo->vpo_io, VP0_INITIATOR,
csio->ccb_h.target_id,
(char *)&csio->cdb_io.cdb_bytes, csio->cdb_len,
ptr, csio->cdb_len,
(char *)csio->data_ptr, csio->dxfer_len,
&vpo->vpo_stat, &vpo->vpo_count, &vpo->vpo_error);
} else {
errno = vpoio_do_scsi(&vpo->vpo_io, VP0_INITIATOR,
csio->ccb_h.target_id,
(char *)&csio->cdb_io.cdb_bytes, csio->cdb_len,
ptr, csio->cdb_len,
(char *)csio->data_ptr, csio->dxfer_len,
&vpo->vpo_stat, &vpo->vpo_count, &vpo->vpo_error);
}
@ -208,7 +210,7 @@ vpo_intr(struct vpo_data *vpo, struct ccb_scsiio *csio)
/* dump of command */
for (i=0; i<csio->cdb_len; i++)
printf("%x ", ((char *)&csio->cdb_io.cdb_bytes)[i]);
printf("%x ", ((char *)ptr)[i]);
printf("\n");
#endif
@ -307,11 +309,15 @@ vpo_action(struct cam_sim *sim, union ccb *ccb)
csio = &ccb->csio;
if (ccb->ccb_h.flags & CAM_CDB_PHYS) {
ccb->ccb_h.status = CAM_REQ_INVALID;
xpt_done(ccb);
break;
}
#ifdef VP0_DEBUG
device_printf(vpo->vpo_dev, "XPT_SCSI_IO (0x%x) request\n",
csio->cdb_io.cdb_bytes[0]);
scsiio_cdb_ptr(csio));
#endif
vpo_intr(vpo, csio);
xpt_done(ccb);
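Review bot: In the `VP0_DEBUG` command dump in `vpo_intr`, `printf("%x ", ((char *)ptr)[i]);` casts the new `uint8_t *ptr` back to `char *`. Where `char` is signed, any CDB byte of 0x80 or above is sign-extended and printed as `ffffffXX`. Since `ptr` is already `uint8_t *`, `printf("%x ", ptr[i]);` prints each byte as intended and drops the cast.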