cam: Zero bio pointer in user-supplied SCSI CCBs

The BUF_TRACKING bio pointer only makes sense for kernel consumers of CCBs. PR: 214250 Reported by: trasz@ Reviewed by: imp@, markj@ Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D8477
2016-11-08 21:17:24 +00:00 · 2016-11-08 21:17:24 +00:00 · 3b49140b27
commit 3b49140b27
parent 6656a7c6f1
2 changed files with 16 additions and 0 deletions
--- a/sys/cam/cam_xpt.c
+++ b/sys/cam/cam_xpt.c
@ -414,6 +414,10 @@ xptdoioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag, struct thread *
 		struct cam_eb *bus;

 		inccb = (union ccb *)addr;
+#if defined(BUF_TRACKING) || defined(FULL_BUF_TRACKING)
+		if (inccb->ccb_h.func_code == XPT_SCSI_IO)
+			inccb->csio.bio = NULL;
+#endif

 		bus = xpt_find_bus(inccb->ccb_h.path_id);
 		if (bus == NULL)
@ -593,6 +597,10 @@ xptdoioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag, struct thread *
 		unit = ccb->cgdl.unit_number;
 		name = ccb->cgdl.periph_name;
 		base_periph_found = 0;
+#if defined(BUF_TRACKING) || defined(FULL_BUF_TRACKING)
+		if (ccb->ccb_h.func_code == XPT_SCSI_IO)
+			ccb->csio.bio = NULL;
+#endif

 		/*
 		 * Sanity check -- make sure we don't get a null peripheral
--- a/sys/cam/scsi/scsi_pass.c
+++ b/sys/cam/scsi/scsi_pass.c
@ -1777,6 +1777,10 @@ passdoioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag, struct thread
 		int ccb_malloced;

 		inccb = (union ccb *)addr;
+#if defined(BUF_TRACKING) || defined(FULL_BUF_TRACKING)
+		if (inccb->ccb_h.func_code == XPT_SCSI_IO)
+			inccb->csio.bio = NULL;
+#endif

 		/*
 		 * Some CCB types, like scan bus and scan lun can only go
@ -1875,6 +1879,10 @@ passdoioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag, struct thread
 			cam_periph_lock(periph);
 			break;
 		}
+#if defined(BUF_TRACKING) || defined(FULL_BUF_TRACKING)
+		if (ccb->ccb_h.func_code == XPT_SCSI_IO)
+			ccb->csio.bio = NULL;
+#endif

 		if (ccb->ccb_h.flags & CAM_CDB_POINTER) {
 			if (ccb->csio.cdb_len > IOCDBLEN) {