Don't get stuck in a loop calling exit from an atexit routine. Clean

up cam_fill_ctio usage to passed atio flags. Clear periph_priv area of new ctio so if the kernel is dumb enough to look at them (this is a SECURITY hole) the panic will be obvious instead of subtle.
2000-07-18 04:39:36 +00:00 · 2000-07-18 04:39:36 +00:00 · 785b6ccaec
commit 785b6ccaec
parent ff1e937c46
1 changed files with 9 additions and 8 deletions
--- a/share/examples/scsi_target/scsi_target.c
+++ b/share/examples/scsi_target/scsi_target.c
@ -184,12 +184,9 @@ cleanup()
 		(void) ioctl(targfd, TARGIODEBUG, &debug);
 	}
 	close(targfd);
-
 	if (ioctl(targctlfd, TARGCTLIOFREEUNIT, &alloc_unit) == -1) {
 		perror("TARGCTLIOFREEUNIT");
-		exit(EX_SOFTWARE);
 	}
-
 	close(targctlfd);
 }

@ -326,18 +323,22 @@ handle_exception()
 		}

 		bzero(&ccb, sizeof(ccb));
-		cam_fill_ctio(&ccb.csio, /*retries*/2,
+		cam_fill_ctio(&ccb.csio,
+			      /*retries*/2,
 			      /*cbfcnp*/NULL,
-			      /*flags*/CAM_DIR_NONE
-			     | (atio.ccb_h.flags & CAM_TAG_ACTION_VALID)
-			     | CAM_SEND_STATUS,
-                              /*tag_action*/MSG_SIMPLE_Q_TAG,
+			      CAM_DIR_NONE | CAM_SEND_STATUS,
+			      (atio.ccb_h.flags & CAM_TAG_ACTION_VALID)?
+				MSG_SIMPLE_Q_TAG : 0,
 			      atio.tag_id,
 			      atio.init_id,
 			      SCSI_STATUS_CHECK_COND,
 			      /*data_ptr*/NULL,
 			      /*dxfer_len*/0,
 			      /*timeout*/5 * 1000);
+		/*
+		 * Make sure that periph_priv pointers are clean.
+		 */
+		bzero(&ccb.ccb_h.periph_priv, sizeof ccb.ccb_h.periph_priv);

 		if (ioctl(targfd, TARGIOCCOMMAND, &ccb) == -1) {
 			perror("TARGIOCCOMMAND");