d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Make sure we check for CAM_CDB_POINTER for all drivers. Also, for the

Browse Source 
drivers I've touched, filter out CAM_CDB_PHYS.

Differential Revision: https://reviews.freebsd.org/D5585
This commit is contained in:
Warner Losh 2016-03-15 05:17:29 +00:00
parent 225e4b4296
commit 4aa947cb70
7 changed files with 64 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
sys/cam/cam_ccb.h
View File

@ -725,6 +725,13 @@ struct ccb_scsiio {
u_int init_id; /* initiator id of who selected */ u_int init_id; /* initiator id of who selected */
}; };
static __inline uint8_t *
scsiio_cdb_ptr(struct ccb_scsiio *ccb)
{
return ((ccb->ccb_h.flags & CAM_CDB_POINTER) ?
ccb->cdb_io.cdb_ptr : ccb->cdb_io.cdb_bytes);
}
/* /*
* ATA I/O Request CCB used for the XPT_ATA_IO function code. * ATA I/O Request CCB used for the XPT_ATA_IO function code.
*/ */

23
sys/dev/arcmsr/arcmsr.c
View File

@ -872,7 +872,7 @@ static void arcmsr_srb_timeout(void *arg)
ARCMSR_LOCK_ACQUIRE(&acb->isr_lock); ARCMSR_LOCK_ACQUIRE(&acb->isr_lock);
if(srb->srb_state == ARCMSR_SRB_START) if(srb->srb_state == ARCMSR_SRB_START)
{ {
cmd = srb->pccb->csio.cdb_io.cdb_bytes[0]; cmd = scsiio_cdb_ptr(&srb->pccb->csio)[0];
srb->srb_state = ARCMSR_SRB_TIMEOUT; srb->srb_state = ARCMSR_SRB_TIMEOUT;
srb->pccb->ccb_h.status |= CAM_CMD_TIMEOUT; srb->pccb->ccb_h.status |= CAM_CMD_TIMEOUT;
arcmsr_srb_complete(srb, 1); arcmsr_srb_complete(srb, 1);
@ -997,7 +997,7 @@ static void arcmsr_build_srb(struct CommandControlBlock *srb,
arcmsr_cdb->LUN = pccb->ccb_h.target_lun; arcmsr_cdb->LUN = pccb->ccb_h.target_lun;
arcmsr_cdb->Function = 1; arcmsr_cdb->Function = 1;
arcmsr_cdb->CdbLength = (u_int8_t)pcsio->cdb_len; arcmsr_cdb->CdbLength = (u_int8_t)pcsio->cdb_len;
bcopy(pcsio->cdb_io.cdb_bytes, arcmsr_cdb->Cdb, pcsio->cdb_len); bcopy(scsiio_cdb_ptr(pcsio), arcmsr_cdb->Cdb, pcsio->cdb_len);
if(nseg != 0) { if(nseg != 0) {
struct AdapterControlBlock *acb = srb->acb; struct AdapterControlBlock *acb = srb->acb;
bus_dmasync_op_t op; bus_dmasync_op_t op;
@ -2453,10 +2453,11 @@ static int arcmsr_iop_message_xfer(struct AdapterControlBlock *acb, union ccb *p
struct CMD_MESSAGE_FIELD *pcmdmessagefld; struct CMD_MESSAGE_FIELD *pcmdmessagefld;
int retvalue = 0, transfer_len = 0; int retvalue = 0, transfer_len = 0;
char *buffer; char *buffer;
u_int32_t controlcode = (u_int32_t ) pccb->csio.cdb_io.cdb_bytes[5] << 24 | uint8_t *ptr = scsiio_cdb_ptr(&pccb->csio);
(u_int32_t ) pccb->csio.cdb_io.cdb_bytes[6] << 16 | u_int32_t controlcode = (u_int32_t ) ptr[5] << 24 |
(u_int32_t ) pccb->csio.cdb_io.cdb_bytes[7] << 8 | (u_int32_t ) ptr[6] << 16 |
(u_int32_t ) pccb->csio.cdb_io.cdb_bytes[8]; (u_int32_t ) ptr[7] << 8 |
(u_int32_t ) ptr[8];
/* 4 bytes: Areca io control code */ /* 4 bytes: Areca io control code */
if ((pccb->ccb_h.flags & CAM_DATA_MASK) == CAM_DATA_VADDR) { if ((pccb->ccb_h.flags & CAM_DATA_MASK) == CAM_DATA_VADDR) {
buffer = pccb->csio.data_ptr; buffer = pccb->csio.data_ptr;
@ -2683,7 +2684,7 @@ static void arcmsr_execute_srb(void *arg, bus_dma_segment_t *dm_segs, int nseg,
if(acb->devstate[target][lun] == ARECA_RAID_GONE) { if(acb->devstate[target][lun] == ARECA_RAID_GONE) {
u_int8_t block_cmd, cmd; u_int8_t block_cmd, cmd;
cmd = pccb->csio.cdb_io.cdb_bytes[0]; cmd = scsiio_cdb_ptr(&pccb->csio)[0];
block_cmd = cmd & 0x0f; block_cmd = cmd & 0x0f;
if(block_cmd == 0x08 || block_cmd == 0x0a) { if(block_cmd == 0x08 || block_cmd == 0x0a) {
printf("arcmsr%d:block 'read/write' command " printf("arcmsr%d:block 'read/write' command "
@ -2800,7 +2801,7 @@ static void arcmsr_handle_virtual_command(struct AdapterControlBlock *acb,
return; return;
} }
pccb->ccb_h.status |= CAM_REQ_CMP; pccb->ccb_h.status |= CAM_REQ_CMP;
switch (pccb->csio.cdb_io.cdb_bytes[0]) { switch (scsiio_cdb_ptr(&pccb->csio)[0]) {
case INQUIRY: { case INQUIRY: {
unsigned char inqdata[36]; unsigned char inqdata[36];
char *buffer = pccb->csio.data_ptr; char *buffer = pccb->csio.data_ptr;
@ -2853,6 +2854,12 @@ static void arcmsr_action(struct cam_sim *psim, union ccb *pccb)
int target = pccb->ccb_h.target_id; int target = pccb->ccb_h.target_id;
int error; int error;
if (pccb->ccb_h.flags & CAM_CDB_PHYS) {
pccb->ccb_h.status = CAM_REQ_INVALID;
xpt_done(pccb);
return;
}
if(target == 16) { if(target == 16) {
/* virtual device for iop message transfer */ /* virtual device for iop message transfer */
arcmsr_handle_virtual_command(acb, pccb); arcmsr_handle_virtual_command(acb, pccb);

6
sys/dev/iir/iir.c
View File

@ -744,9 +744,9 @@ gdt_next(struct gdt_softc *gdt)
ccb->ccb_h.flags)); ccb->ccb_h.flags));
csio = &ccb->csio; csio = &ccb->csio;
ccbh = &ccb->ccb_h; ccbh = &ccb->ccb_h;
cmd = csio->cdb_io.cdb_bytes[0]; cmd = scsiio_cdb_ptr(csio)[0];
/* Max CDB length is 12 bytes */ /* Max CDB length is 12 bytes, can't be phys addr */
if (csio->cdb_len > 12) { if (csio->cdb_len > 12 || (ccbh->flags & CAM_CDB_PHYS)) {
ccbh->status = CAM_REQ_INVALID; ccbh->status = CAM_REQ_INVALID;
--gdt_stat.io_count_act; --gdt_stat.io_count_act;
xpt_done(ccb); xpt_done(ccb);

10
sys/dev/isci/isci_controller.c
View File

@ -740,6 +740,11 @@ void isci_action(struct cam_sim *sim, union ccb *ccb)
} }
break; break;
case XPT_SCSI_IO: case XPT_SCSI_IO:
if (ccb->ccb_h.flags & CAM_CDB_PHYS) {
ccb->ccb_h.status = CAM_REQ_INVALID;
xpt_done(ccb);
break;
}
isci_io_request_execute_scsi_io(ccb, controller); isci_io_request_execute_scsi_io(ccb, controller);
break; break;
#if __FreeBSD_version >= 900026 #if __FreeBSD_version >= 900026
@ -802,6 +807,7 @@ isci_controller_release_queued_ccbs(struct ISCI_CONTROLLER *controller)
{ {
struct ISCI_REMOTE_DEVICE *dev; struct ISCI_REMOTE_DEVICE *dev;
struct ccb_hdr *ccb_h; struct ccb_hdr *ccb_h;
uint8_t *ptr;
int dev_idx; int dev_idx;
KASSERT(mtx_owned(&controller->lock), ("controller lock not owned")); KASSERT(mtx_owned(&controller->lock), ("controller lock not owned"));
@ -821,8 +827,8 @@ isci_controller_release_queued_ccbs(struct ISCI_CONTROLLER *controller)
if (ccb_h == NULL) if (ccb_h == NULL)
continue; continue;
isci_log_message(1, "ISCI", "release %p %x\n", ccb_h, ptr = scsiio_cdb_ptr(&((union ccb *)ccb_h)->csio);
((union ccb *)ccb_h)->csio.cdb_io.cdb_bytes[0]); isci_log_message(1, "ISCI", "release %p %x\n", ccb_h, *ptr);
dev->queued_ccb_in_progress = (union ccb *)ccb_h; dev->queued_ccb_in_progress = (union ccb *)ccb_h;
isci_io_request_execute_scsi_io( isci_io_request_execute_scsi_io(

18
sys/dev/isci/isci_io_request.c
View File

@ -86,6 +86,7 @@ isci_io_request_complete(SCI_CONTROLLER_HANDLE_T scif_controller,
struct ISCI_REMOTE_DEVICE *isci_remote_device; struct ISCI_REMOTE_DEVICE *isci_remote_device;
union ccb *ccb; union ccb *ccb;
BOOL complete_ccb; BOOL complete_ccb;
struct ccb_scsiio *csio;
complete_ccb = TRUE; complete_ccb = TRUE;
isci_controller = (struct ISCI_CONTROLLER *) sci_object_get_association(scif_controller); isci_controller = (struct ISCI_CONTROLLER *) sci_object_get_association(scif_controller);
@ -93,7 +94,7 @@ isci_io_request_complete(SCI_CONTROLLER_HANDLE_T scif_controller,
(struct ISCI_REMOTE_DEVICE *) sci_object_get_association(remote_device); (struct ISCI_REMOTE_DEVICE *) sci_object_get_association(remote_device);
ccb = isci_request->ccb; ccb = isci_request->ccb;
csio = &ccb->csio;
ccb->ccb_h.status &= ~CAM_STATUS_MASK; ccb->ccb_h.status &= ~CAM_STATUS_MASK;
switch (completion_status) { switch (completion_status) {
@ -124,7 +125,6 @@ isci_io_request_complete(SCI_CONTROLLER_HANDLE_T scif_controller,
SCI_SSP_RESPONSE_IU_T * response_buffer; SCI_SSP_RESPONSE_IU_T * response_buffer;
uint32_t sense_length; uint32_t sense_length;
int error_code, sense_key, asc, ascq; int error_code, sense_key, asc, ascq;
struct ccb_scsiio *csio = &ccb->csio;
response_buffer = (SCI_SSP_RESPONSE_IU_T *) response_buffer = (SCI_SSP_RESPONSE_IU_T *)
scif_io_request_get_response_iu_address( scif_io_request_get_response_iu_address(
@ -146,7 +146,7 @@ isci_io_request_complete(SCI_CONTROLLER_HANDLE_T scif_controller,
isci_log_message(1, "ISCI", isci_log_message(1, "ISCI",
"isci: bus=%x target=%x lun=%x cdb[0]=%x status=%x key=%x asc=%x ascq=%x\n", "isci: bus=%x target=%x lun=%x cdb[0]=%x status=%x key=%x asc=%x ascq=%x\n",
ccb->ccb_h.path_id, ccb->ccb_h.target_id, ccb->ccb_h.path_id, ccb->ccb_h.target_id,
ccb->ccb_h.target_lun, csio->cdb_io.cdb_bytes[0], ccb->ccb_h.target_lun, scsiio_cdb_ptr(csio),
csio->scsi_status, sense_key, asc, ascq); csio->scsi_status, sense_key, asc, ascq);
break; break;
} }
@ -157,7 +157,7 @@ isci_io_request_complete(SCI_CONTROLLER_HANDLE_T scif_controller,
isci_log_message(0, "ISCI", isci_log_message(0, "ISCI",
"isci: bus=%x target=%x lun=%x cdb[0]=%x remote device reset required\n", "isci: bus=%x target=%x lun=%x cdb[0]=%x remote device reset required\n",
ccb->ccb_h.path_id, ccb->ccb_h.target_id, ccb->ccb_h.path_id, ccb->ccb_h.target_id,
ccb->ccb_h.target_lun, ccb->csio.cdb_io.cdb_bytes[0]); ccb->ccb_h.target_lun, scsiio_cdb_ptr(csio));
break; break;
case SCI_IO_FAILURE_TERMINATED: case SCI_IO_FAILURE_TERMINATED:
@ -165,7 +165,7 @@ isci_io_request_complete(SCI_CONTROLLER_HANDLE_T scif_controller,
isci_log_message(0, "ISCI", isci_log_message(0, "ISCI",
"isci: bus=%x target=%x lun=%x cdb[0]=%x terminated\n", "isci: bus=%x target=%x lun=%x cdb[0]=%x terminated\n",
ccb->ccb_h.path_id, ccb->ccb_h.target_id, ccb->ccb_h.path_id, ccb->ccb_h.target_id,
ccb->ccb_h.target_lun, ccb->csio.cdb_io.cdb_bytes[0]); ccb->ccb_h.target_lun, scsiio_cdb_ptr(csio));
break; break;
case SCI_IO_FAILURE_INVALID_STATE: case SCI_IO_FAILURE_INVALID_STATE:
@ -208,7 +208,7 @@ isci_io_request_complete(SCI_CONTROLLER_HANDLE_T scif_controller,
isci_log_message(1, "ISCI", isci_log_message(1, "ISCI",
"isci: bus=%x target=%x lun=%x cdb[0]=%x completion status=%x\n", "isci: bus=%x target=%x lun=%x cdb[0]=%x completion status=%x\n",
ccb->ccb_h.path_id, ccb->ccb_h.target_id, ccb->ccb_h.path_id, ccb->ccb_h.target_id,
ccb->ccb_h.target_lun, ccb->csio.cdb_io.cdb_bytes[0], ccb->ccb_h.target_lun, scsiio_cdb_ptr(csio),
completion_status); completion_status);
ccb->ccb_h.status |= CAM_REQ_CMP_ERR; ccb->ccb_h.status |= CAM_REQ_CMP_ERR;
break; break;
@ -285,13 +285,13 @@ isci_io_request_complete(SCI_CONTROLLER_HANDLE_T scif_controller,
* get a ready notification for this device. * get a ready notification for this device.
*/ */
isci_log_message(1, "ISCI", "already queued %p %x\n", isci_log_message(1, "ISCI", "already queued %p %x\n",
ccb, ccb->csio.cdb_io.cdb_bytes[0]); ccb, scsiio_cdb_ptr(csio));
isci_remote_device->queued_ccb_in_progress = NULL; isci_remote_device->queued_ccb_in_progress = NULL;
} else { } else {
isci_log_message(1, "ISCI", "queue %p %x\n", ccb, isci_log_message(1, "ISCI", "queue %p %x\n", ccb,
ccb->csio.cdb_io.cdb_bytes[0]); scsiio_cdb_ptr(csio));
ccb->ccb_h.status |= CAM_SIM_QUEUED; ccb->ccb_h.status |= CAM_SIM_QUEUED;
TAILQ_INSERT_TAIL(&isci_remote_device->queued_ccbs, TAILQ_INSERT_TAIL(&isci_remote_device->queued_ccbs,
@ -373,7 +373,7 @@ scif_cb_io_request_get_cdb_address(void * scif_user_io_request)
struct ISCI_IO_REQUEST *isci_request = struct ISCI_IO_REQUEST *isci_request =
(struct ISCI_IO_REQUEST *)scif_user_io_request; (struct ISCI_IO_REQUEST *)scif_user_io_request;
return (isci_request->ccb->csio.cdb_io.cdb_bytes); return (scsiio_cdb_ptr(&isci_request->ccb->csio));
} }
/** /**

14
sys/dev/ncr/ncr.c
View File

@ -3859,6 +3859,16 @@ ncr_action (struct cam_sim *sim, union ccb *ccb)
tp = &np->target[ccb->ccb_h.target_id]; tp = &np->target[ccb->ccb_h.target_id];
csio = &ccb->csio; csio = &ccb->csio;
/*
* Make sure we support this request. We can't do
* PHYS pointers.
*/
if (ccb->ccb_h.flags & CAM_CDB_PHYS) {
ccb->ccb_h.status = CAM_REQ_INVALID;
xpt_done(ccb);
return;
}
/* /*
* Last time we need to check if this CCB needs to * Last time we need to check if this CCB needs to
* be aborted. * be aborted.
@ -4070,8 +4080,7 @@ ncr_action (struct cam_sim *sim, union ccb *ccb)
/* /*
** command ** command
*/ */
/* XXX JGibbs - Support other command types */ cp->phys.cmd.addr = vtophys (scsiio_cdb_ptr(csio));
cp->phys.cmd.addr = vtophys (csio->cdb_io.cdb_bytes);
cp->phys.cmd.size = csio->cdb_len; cp->phys.cmd.size = csio->cdb_len;
/* /*
** sense command ** sense command
@ -4083,7 +4092,6 @@ ncr_action (struct cam_sim *sim, union ccb *ccb)
*/ */
cp->sensecmd[0] = 0x03; cp->sensecmd[0] = 0x03;
cp->sensecmd[1] = ccb->ccb_h.target_lun << 5; cp->sensecmd[1] = ccb->ccb_h.target_lun << 5;
cp->sensecmd[4] = sizeof(struct scsi_sense_data);
cp->sensecmd[4] = csio->sense_len; cp->sensecmd[4] = csio->sense_len;
/* /*
** sense data ** sense data

16
sys/dev/ppbus/vpo.c
View File

@ -187,17 +187,19 @@ vpo_intr(struct vpo_data *vpo, struct ccb_scsiio *csio)
#ifdef VP0_DEBUG #ifdef VP0_DEBUG
int i; int i;
#endif #endif
uint8_t *ptr;
ptr = scsiio_cdb_ptr(csio);
if (vpo->vpo_isplus) { if (vpo->vpo_isplus) {
errno = imm_do_scsi(&vpo->vpo_io, VP0_INITIATOR, errno = imm_do_scsi(&vpo->vpo_io, VP0_INITIATOR,
csio->ccb_h.target_id, csio->ccb_h.target_id,
(char *)&csio->cdb_io.cdb_bytes, csio->cdb_len, ptr, csio->cdb_len,
(char *)csio->data_ptr, csio->dxfer_len, (char *)csio->data_ptr, csio->dxfer_len,
&vpo->vpo_stat, &vpo->vpo_count, &vpo->vpo_error); &vpo->vpo_stat, &vpo->vpo_count, &vpo->vpo_error);
} else { } else {
errno = vpoio_do_scsi(&vpo->vpo_io, VP0_INITIATOR, errno = vpoio_do_scsi(&vpo->vpo_io, VP0_INITIATOR,
csio->ccb_h.target_id, csio->ccb_h.target_id,
(char *)&csio->cdb_io.cdb_bytes, csio->cdb_len, ptr, csio->cdb_len,
(char *)csio->data_ptr, csio->dxfer_len, (char *)csio->data_ptr, csio->dxfer_len,
&vpo->vpo_stat, &vpo->vpo_count, &vpo->vpo_error); &vpo->vpo_stat, &vpo->vpo_count, &vpo->vpo_error);
} }
@ -208,7 +210,7 @@ vpo_intr(struct vpo_data *vpo, struct ccb_scsiio *csio)
/* dump of command */ /* dump of command */
for (i=0; i<csio->cdb_len; i++) for (i=0; i<csio->cdb_len; i++)
printf("%x ", ((char *)&csio->cdb_io.cdb_bytes)[i]); printf("%x ", ((char *)ptr)[i]);
printf("\n"); printf("\n");
#endif #endif
@ -307,11 +309,15 @@ vpo_action(struct cam_sim *sim, union ccb *ccb)
csio = &ccb->csio; csio = &ccb->csio;
if (ccb->ccb_h.flags & CAM_CDB_PHYS) {
ccb->ccb_h.status = CAM_REQ_INVALID;
xpt_done(ccb);
break;
}
#ifdef VP0_DEBUG #ifdef VP0_DEBUG
device_printf(vpo->vpo_dev, "XPT_SCSI_IO (0x%x) request\n", device_printf(vpo->vpo_dev, "XPT_SCSI_IO (0x%x) request\n",
csio->cdb_io.cdb_bytes[0]); scsiio_cdb_ptr(csio));
#endif #endif
vpo_intr(vpo, csio); vpo_intr(vpo, csio);
xpt_done(ccb); xpt_done(ccb);