441 Commits

Author SHA1 Message Date
imp
f5b78aa5cb The Uninorth ID was really for Uninorth 2.
Submitted by: Sevan Janiyan
Differential Revision: https://reviews.freebsd.org/D14919
2018-04-01 00:25:47 +00:00
imp
a7dfa8ed18 fwohcireg.h is 99% the same between the boot loader and the
kernel. Delete it and fix up the 1% difference because there's no need
for them to be different.
2018-03-31 22:02:59 +00:00
glebius
9c54c9c64c Garbage collect IFCAP_POLLING_NOCOUNT. It wasn't used since very
beginning of polling(4).  The module always ignored return value
from driver polling handler.
2017-12-06 23:03:34 +00:00
pfg
1537078d8f sys/dev: further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
2017-11-27 14:52:40 +00:00
pfg
9da7bdde06 spdx: initial adoption of licensing ID tags.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.

Initially, only tag files that use BSD 4-Clause "Original" license.

RelNotes:	yes
Differential Revision:	https://reviews.freebsd.org/D13133
2017-11-18 14:26:50 +00:00
avg
eca0888852 firewire/sbp: try to improve locking, plus a few style nits
This change tries to fix the most obvious locking problems.

sbp_cam_scan_lun() is never called with the sbp lock held, so the lock
needs to be acquired internally (if it's needed at all).
Without this change a kernel with INVARIANTS panics when a firewire disk
is connected:
  panic: mutex sbp not owned at /usr/src/sys/dev/firewire/sbp.c:967
  KDB: stack backtrace:
  db_trace_self_wrapper() at 0xffffffff80420bbb = db_trace_self_wrapper+0x2b/frame 0xfffffe0504df0930
  kdb_backtrace() at 0xffffffff80670359 = kdb_backtrace+0x39/frame 0xfffffe0504df09e0
  vpanic() at 0xffffffff8063986c = vpanic+0x14c/frame 0xfffffe0504df0a20
  panic() at 0xffffffff806395b3 = panic+0x43/frame 0xfffffe0504df0a80
  __mtx_assert() at 0xffffffff8061c40d = __mtx_assert+0xed/frame 0xfffffe0504df0ac0
  sbp_cam_scan_lun() at 0xffffffff80474667 = sbp_cam_scan_lun+0x37/frame 0xfffffe0504df0af0
  xpt_done_process() at 0xffffffff802aacfa = xpt_done_process+0x2da/frame 0xfffffe0504df0b30
  xpt_done_td() at 0xffffffff802ac2e5 = xpt_done_td+0xd5/frame 0xfffffe0504df0b80
  fork_exit() at 0xffffffff805ff72f = fork_exit+0xdf/frame 0xfffffe0504df0bf0
  fork_trampoline() at 0xffffffff8082483e = fork_trampoline+0xe/frame
  0xfffffe0504df0bf0
  --- trap 0, rip = 0, rsp = 0, rbp = 0 ---

Also, I tried to reduce the scope of the sbp lock to avoid holding it
while doing bus_dma allocations.

The code badly needs some re-engineering.  SBP really should implement
a CAM transport, so that it avoids control flow inversion when re-scanning
the bus.  Also, the sbp lock seems to be too coarse.

Additionally, the commit includes some changes not related to locking.

- sbp_cam_scan_lun: restore CAM_DEV_QFREEZE before re-queueing the ccb
  because xpt_setup_ccb resets ccb_h.flags
- sbp_post_busreset: call xpt_release_simq only if it's actually frozen
- don't place private SIMQ_FREEZED flag (sic, "freezed") into sim->flags,
  use sbp->flags for that
- some style fixes and control flow enhancements

Reviewed by:	sbruno
MFC after:	2 weeks
Differential Revision: https://reviews.freebsd.org/D9898
2017-03-07 16:07:52 +00:00
mav
fc6b929afc Remove some locking not needed for modern CAM.
This driver is full of LORs.  This change allows to reduce deadlock chance
from 100% to level that allows some tests to be done.

MFC after:	2 weeks
2017-02-28 05:24:06 +00:00
mav
bf6e9d3cdf Add safety check against too long CDB.
SBP-2 specification defined maximum CDB length as 12 bytes.  Newer SBP-3
specification allows CDB of any size, but this driver is too old.  Proper
solution would be to look on maximal ORB size supported by the target.

MFC after:	1 week
2017-02-28 05:17:50 +00:00
mav
82d6ea6b16 Announce that sbp_targ(4) does not support initiator mode.
MFC after:	1 week
2017-02-27 17:50:38 +00:00
pfg
f7696c94e4 sys/dev: Replace zero with NULL for pointers.
Makes things easier to read, plus architectures may set NULL to something
different than zero.

Found with:	devel/coccinelle
MFC after:	3 weeks
2017-02-20 03:43:12 +00:00
rpokala
b357c5fcca In the same vein as r311350, fix whitespace in handling of XPT_PATH_INQ in
several more drivers.

Sponsored by:	Panasas
2017-01-05 03:08:57 +00:00
asomers
2d89a50f96 Always null-terminate ccb_pathinq.(sim_vid|hba_vid|dev_name)
The sim_vid, hba_vid, and dev_name fields of struct ccb_pathinq are
fixed-length strings. AFAICT the only place they're read is in
sbin/camcontrol/camcontrol.c, which assumes they'll be null-terminated.
However, the kernel doesn't null-terminate them. A bunch of copy-pasted code
uses strncpy to write them, and doesn't guarantee null-termination. For at
least 4 drivers (mpr, mps, ciss, and hyperv), the hba_vid field actually
overflows. You can see the result by doing "camcontrol negotiate da0 -v".

This change null-terminates those fields everywhere they're set in the
kernel. It also shortens a few strings to ensure they'll fit within the
16-character field.

PR:		215474
Reported by:	Coverity
CID:		1009997 1010000 1010001 1010002 1010003 1010004 1010005
CID:		1331519 1010006 1215097 1010007 1288967 1010008 1306000
CID:		1211924 1010009 1010010 1010011 1010012 1010013 1010014
CID:		1147190 1010017 1010016 1010018 1216435 1010020 1010021
CID:		1010022 1009666 1018185 1010023 1010025 1010026 1010027
CID:		1010028 1010029 1010030 1010031 1010033 1018186 1018187
CID:		1010035 1010036 1010042 1010041 1010040 1010039
Reviewed by:	imp, sephe, slm
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D9037
Differential Revision:	https://reviews.freebsd.org/D9038
2017-01-04 20:26:42 +00:00
avg
ac89ff10a3 firewire: initialize tag label to -1 in fw_xfer_alloc()
Zero can be confused for a potentially valid value.
For example, if I load and unload sbp driver I get a lot of messages
like the following:

fw_tl_free: the xfer is not in the queue (tlabel=0, flag=0x0)
send: dst=0x00 tl=0x00 rt=0 tcode=0x0 pri=0x0 src=0x000
recv: dst=0x01 tl=0x21 rt=1 tcode=0x1 pri=0x0 src=0xffc0
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe04464407e0
fw_tl_free() at fw_tl_free+0x18d/frame 0xfffffe0446440820
fw_xfer_unload() at fw_xfer_unload+0xca/frame 0xfffffe0446440840
fw_xferlist_remove() at fw_xferlist_remove+0x2f/frame 0xfffffe0446440870
sbp_detach() at sbp_detach+0x1e0/frame 0xfffffe04464408e0
device_detach() at device_detach+0x80/frame 0xfffffe0446440900
devclass_driver_deleted() at devclass_driver_deleted+0x6a/frame 0xfffffe0446440940
devclass_delete_driver() at devclass_delete_driver+0x7d/frame 0xfffffe0446440980
driver_module_handler() at driver_module_handler+0xff/frame 0xfffffe04464409d0
module_unload() at module_unload+0x32/frame 0xfffffe04464409f0
linker_file_unload() at linker_file_unload+0x24b/frame 0xfffffe0446440a40
kern_kldunload() at kern_kldunload+0xbc/frame 0xfffffe0446440a70
amd64_syscall() at amd64_syscall+0x314/frame 0xfffffe0446440bf0
Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffe0446440bf0

MFC after:	2 weeks
2016-11-24 09:47:56 +00:00
avg
be16523288 fwohci: report whether PhysicalUpperBound register is implemented
Please see section 5.15 of 1394 OHCI Specification.
If the register is not implemented, then the physical response unit is
limited to the first 4GB of the physical memory.
In that case the non-cooperative debugging over firewire (using /dev/fwmem)
can not be expected to work if a target has more RAM than that.
The method is described in gdb.4 and the Developer's Handbook.

It seems that most of the consumer hardware does not implement
PhysicalUpperBound register.

MFC after:	1 week
2016-11-24 09:43:42 +00:00
trasz
af62ad8b46 Remove NULL checks after M_WAITOK allocations from firewire.
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2016-05-10 10:21:03 +00:00
pfg
eed4bd22ad sys/dev: minor spelling fixes.
Most affect comments, very few have user-visible effects.
2016-05-03 03:41:25 +00:00
kib
52ea16e6ba Make it explicit that D_MEM cdevsw d_flag is to signify that the
driver is (or behaves identically to) /dev/mem.  Remove the D_MEM flag
from random drivers.

Note that currently the D_MEM flag does not affect any behaviour, but
this going to change in the next commit.

Noted and reviewed by:	alc
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
X-Differential revision:	https://reviews.freebsd.org/D6149
2016-05-01 17:46:56 +00:00
imp
4283959fee Don't assume bio_cmd is a bit field.
Differential Revision: https://reviews.freebsd.org/D5594
2016-03-10 00:36:45 +00:00
pfg
a97d0cb743 firewire: fix a mismatch introduced in r230558.
Found by:	PVS Static Analysis
Reviewed by:	sbruno
MFC after:	1 month
2016-02-19 15:35:20 +00:00
will
1aa07d7ef4 Fix remote DMA based firewire debugging when targeting
systems with more than 4GB of physical memory.

To remotely debug the system 'stealthy' which has a kernel
with this change installed and firewire properly configured:

	% fwcontrol -m stealthy (or stealthy's firewire EUI64)
	% kgdb kernel /dev/fwmem0.0

sys/dev/firewire/fwohci.c:
	Rather than hard code the upper limit for hw based
	automatic responses to remote DMA requests at 4GB,
	program the hardware using Maxmem, the page number
	one higher than the highest physical page detected
	in the system.

	While here, garbage collect more useless splfw()
	calls.

Submitted by:	gibbs
MFC after:	1 week
Sponsored by:	Spectra Logic
MFSpectraBSD:	1110994 on 2015/01/06
2015-01-21 20:08:24 +00:00
will
639d7a6139 Fix firewire panic when issuing a reply to an unhandled
asynchronous remote dma request (DMA request that the
hardware cannot automatically handle).

sys/dev/firewire/firewire.c
	In fw_rcv(), add missing early return in the error
	path for DMA requests to unregistered regions.

Submitted by:	gibbs
MFC after:	1 week
Sponsored by:	Spectra Logic
MFSpectraBSD:	1110993 on 2015/01/06
2015-01-21 20:06:25 +00:00
will
c3bc74cd91 Properly lock accesss to the firewire_comm->devices list.
sys/dev/firewire/firewire.c:
	Add missing FW_GLOCK/UNLOCK() usage to fw_noderesolve_nodeid().

sys/dev/firewire/firewire.c:
sys/dev/firewire/fwmem.c:
	Remove no-op splfw() calls from functions that have been
	audited for proper lock usage.

Submitted by:	gibbs
MFC after:	1 week
Sponsored by:	Spectra Logic
MFSpectraBSD:	1110992 on 2015/01/06
2015-01-21 20:05:10 +00:00
will
9993d8d7e3 Fix panic in firewire and creation of invalid config ROM.
sys/boot/i386/libfirewire/firewire.c:
sys/dev/firewire/firewire.c:
	Fix configuration ROM generation count wrapping logic
	so that the generation count is never outside of
	allowed limits (0x2 -> 0xF).

sys/dev/firewire/firewire.c:
	In fw_xfer_unload(), xfer->fc may be NULL.  Protect
	against this before taking the fc lock.

Submitted by:	gibbs
MFC after:	1 week
Sponsored by:	Spectra Logic
MFSpectraBSD:	1110685 on 2015/01/05
2015-01-21 20:03:46 +00:00
will
0e8db589ba Fix a FWXF_INQ race in the firewire driver.
sys/dev/firewire/firewire.c:
	In fw_xfer_unload() expand lock coverage so that
	the test for FWXF_INQ doesn't race with it being
	cleared in another thread.

Submitted by:	gibbs
MFC after:	1 week
Sponsored by:	Spectra Logic
MFSpectraBSD:	1110207 on 2015/01/02
2015-01-21 20:02:16 +00:00
will
142c5758be Fix one cause of firewire panics.
sys/dev/firewire/firewire.c:
	In fw_xfer_unload(), clear the FWXF_INQ flag on the
	xfer under protection of the FW_GMTX, after the
	xfer is removeed from the tx/rx queue.  Otherwise
	it is possible for the xfer to be removed again
	(corrupting the list or immediately panicing) from
	another thread that has found this xfer in the
	transaction label table.

Submitted by:	gibbs
MFC after:	1 week
Sponsored by:	Spectra Logic
MFSpectraBSD:	1110200 on 2015/01/02
2015-01-21 19:59:09 +00:00
smh
dd63bf99a2 Prevent overflow issues in timeout processing
Previously, any timeout value for which (timeout * hz) will overflow the
signed integer, will give weird results, since callout(9) routines will
convert negative values of ticks to '1'. For unsigned integer overflow we
will get sufficiently smaller timeout values than expected.

Switch from callout_reset, which requires conversion to int based ticks
to callout_reset_sbt to avoid this.

Also correct isci to correctly resolve ccb timeout.

This was based on the original work done by Eygene Ryabinkin
<rea@freebsd.org> back in 5 Aug 2011 which used a macro to help avoid
the overlow.

Differential Revision:	https://reviews.freebsd.org/D1157
Reviewed by:	mav, davide
MFC after:	1 month
Sponsored by:	Multiplay
2014-11-21 21:01:24 +00:00
kan
93ddb8841e Do not pass whole descriptor block size as align to fwdma_malloc_multiseg
Do not pass wrong alignment value to fwdma_malloc_multiseg and ultimately
to contigalloc. In addition to being wrong, this causes insta-panic in
certain cases due to safety assertion - the alignment is required to be
the power of two and the value we calculate here seldom is.

MFC after:  1 month
2014-09-27 16:50:24 +00:00
kan
acfad8859d Remove obsolete compatibility glue and improve firewire code readability.
Commit my version of style(9) pass over the firewire code. Now that
other people have started changing the code carrying this is as a
local patch is not longer a viable option.

MFC after:	1 month
2014-09-27 16:50:21 +00:00
glebius
b3b337a80e Mechanically convert to if_inc_counter(). 2014-09-19 03:51:26 +00:00
will
0362a39e44 Start the process of cleaning up FreeBSD's firewire driver.
sys/dev/firewire/firewire.c:
sys/dev/firewire/firewire.h:
sys/dev/firewire/firewirereg.h:
sys/dev/firewire/fwcrom.c:
sys/dev/firewire/fwdev.c:
sys/dev/firewire/fwdma.c:
sys/dev/firewire/fwmem.c:
sys/dev/firewire/fwohci.c:
sys/dev/firewire/fwohci_pci.c:
sys/dev/firewire/fwohcivar.h:
sys/dev/firewire/if_fwe.c:
sys/dev/firewire/if_fwip.c:
sys/dev/firewire/sbp.c:
sys/dev/firewire/sbp_targ.c:
	Unifdef the code, removing support for DragonflyBSD
	and FreeBSD prior to version 5.

Submitted by:	gibbs
MFC after:	1 month
Sponsored by:	Spectra Logic
MFSpectraBSD:	1081188 on 2014/08/01
2014-09-18 17:28:21 +00:00
will
ae0fd50934 Silence noisy firewire logging.
MFC after:	1 month
Sponsored by:	Spectra Logic
MFSpectraBSD:	974594 on 2013/08/02
2014-09-18 17:22:42 +00:00
glebius
9b93b159b3 Use define from if_var.h to access a field inside struct if_data,
that resides in struct ifnet.

Sponsored by:	Nginx, Inc.
2014-08-30 19:55:54 +00:00
hselasky
35b126e324 Pull in r267961 and r267973 again. Fix for issues reported will follow. 2014-06-28 03:56:17 +00:00
gjb
fc21f40567 Revert r267961, r267973:
These changes prevent sysctl(8) from returning proper output,
such as:

 1) no output from sysctl(8)
 2) erroneously returning ENOMEM with tools like truss(1)
    or uname(1)
 truss: can not get etype: Cannot allocate memory
2014-06-27 22:05:21 +00:00
hselasky
bd1ed65f0f Extend the meaning of the CTLFLAG_TUN flag to automatically check if
there is an environment variable which shall initialize the SYSCTL
during early boot. This works for all SYSCTL types both statically and
dynamically created ones, except for the SYSCTL NODE type and SYSCTLs
which belong to VNETs. A new flag, CTLFLAG_NOFETCH, has been added to
be used in the case a tunable sysctl has a custom initialisation
function allowing the sysctl to still be marked as a tunable. The
kernel SYSCTL API is mostly the same, with a few exceptions for some
special operations like iterating childrens of a static/extern SYSCTL
node. This operation should probably be made into a factored out
common macro, hence some device drivers use this. The reason for
changing the SYSCTL API was the need for a SYSCTL parent OID pointer
and not only the SYSCTL parent OID list pointer in order to quickly
generate the sysctl path. The motivation behind this patch is to avoid
parameter loading cludges inside the OFED driver subsystem. Instead of
adding special code to the OFED driver subsystem to post-load tunables
into dynamically created sysctls, we generalize this in the kernel.

Other changes:
- Corrected a possibly incorrect sysctl name from "hw.cbb.intr_mask"
to "hw.pcic.intr_mask".
- Removed redundant TUNABLE statements throughout the kernel.
- Some minor code rewrites in connection to removing not needed
TUNABLE statements.
- Added a missing SYSCTL_DECL().
- Wrapped two very long lines.
- Avoid malloc()/free() inside sysctl string handling, in case it is
called to initialize a sysctl from a tunable, hence malloc()/free() is
not ready when sysctls from the sysctl dataset are registered.
- Bumped FreeBSD version to indicate SYSCTL API change.

MFC after:	2 weeks
Sponsored by:	Mellanox Technologies
2014-06-27 16:33:43 +00:00
kan
64db28af1a Set target->sbp field to valid value when sbp device is created.
The sbp_cam_detach_target can be called from sbp_post_explore function
on the first target that is not really attached and it was written with
the corresponding safety check in place to tolerate that. Unfortunately
the recent locking cleanup did add a locking assertion that tries to
dereference the target->sbp pointer unconditionally, which causes less
than desirable outcome. Since the assertion is useful, just initialize
the target sbp pointer once when sbp device is being initialized instead
of when the target is being attached. This makes assertion work in all
cases and fixes the crash on boot.
2014-06-20 01:45:03 +00:00
jhb
e77f26d29d Various cleanups and fixes:
- Switch from timeout() to callout_*() for per-request timers.
- Use device_find_child() in the identify routine.
- Use device_printf() instead of passing device_get_nameunit() to
  printf().
- Expand the SBP_LOCK coverage simplifying the locking.
- Uninline STAILQ_FOREACH_SAFE().

Tested by:	sbruno
2014-05-27 19:56:02 +00:00
brueffer
572e8e160e Remove some unused variables.
Found with:	Clang Static Analyzer
MFC after:	2 weeks
2014-05-16 21:19:17 +00:00
melifaro
860ae05c24 Teach every SIOCGIFSTATUS provider to fill in ifs->ascii anyway.
Remove old bits of data concat for 'ascii' field.
Remove special SIOCGIFSTATUS handling from if.c (which Coverity yells at).

Reported by:	Coverity
Coverity CID:	1147174
MFC after:	2 weeks
2014-01-07 15:59:33 +00:00
eadler
44c01df173 Fix undefined behavior: (1 << 31) is not defined as 1 is an int and this
shifts into the sign bit.  Instead use (1U << 31) which gets the
expected result.

This fix is not ideal as it assumes a 32 bit int, but does fix the issue
for most cases.

A similar change was made in OpenBSD.

Discussed with:	-arch, rdivacky
Reviewed by:	cperciva
2013-11-30 22:17:27 +00:00
nwhitehorn
14bec3e026 Adjust various SCSI drivers to handle either a 32-bit or 64-bit lun_id_t,
mostly by adjustments to debugging printf() format specifiers. For high
numbered LUNs, also switch to printing them in hex as per SAM-5.

MFC after: 2 weeks
2013-10-30 14:04:47 +00:00
glebius
ff6e113f1b The r48589 promised to remove implicit inclusion of if_var.h soon. Prepare
to this event, adding if_var.h to files that do need it. Also, include
all includes that now are included due to implicit pollution via if_var.h

Sponsored by:	Netflix
Sponsored by:	Nginx, Inc.
2013-10-26 17:58:36 +00:00
mav
c13057cda9 Partial MFproject/camlock r256671:
Fix several target mode SIMs to not blindly clear ccb_h.flags field of
ATIO CCBs.  Not all CCB flags there belong to them.
2013-10-21 06:04:39 +00:00
scottl
e9cc92746f Re-do r255853. Along with adding back the API/ABI changes from the
original, this hides the contents of cam_compat.h from ktrace/kdump/truss,
avoiding problems there.  There are no user-servicable parts in there, so
no need for those tools to be groping around in there.

Approved by:    re
2013-09-25 17:16:21 +00:00
gjb
d965f28ba1 Revert r255853 pending fixes to build errors in usr.bin/kdump
Approved by:	re (implicit)
2013-09-25 01:48:45 +00:00
scottl
108b7070e7 Update the CAM API for FreeBSD 10:
- Remove the timeout_ch field.  It's been deprecated since FreeBSD 7.0;
  MPSAFE drivers should be managing their own timeout storage.  The
  remaining non-MPSAFE drivers have been modified to also manage their own
  storage, and should be considered for updating to MPSAFE (or removal)
  during the FreeBSD 10.x lifecycle.

- Add fields related to soft timeouts and quality of service, to be used
  in upcoming work.

- Add room for more flags in the CCB header and path_inq structures.

- Begin support for extended 64-bit LUNs.

- Bump the CAM version number to 0x18, but add compat shims.  Tested with
  camcontrol and smartctl.

Reviewed by:    nathanw, ken, kib
Approved by:    re
Obtained from:  Netflix
2013-09-24 16:50:53 +00:00
davide
ec6382d0c2 - Use make_dev_credf(MAKEDEV_REF) instead of the race-prone make_dev()+
dev_ref() in the clone handlers that still use it.
- Don't set SI_CHEAPCLONE flag, it's not used anywhere neither in devfs
(for anything real)

Reviewed by:	kib
2013-09-07 13:45:44 +00:00
scottl
28bd1409da Update PCI drivers to no longer look at the MEMIO-enabled bit in the PCI
command register.  The lazy BAR allocation code in FreeBSD sometimes
disables this bit when it detects a range conflict, and will re-enable
it on demand when a driver allocates the BAR.  Thus, the bit is no longer
a reliable indication of capability, and should not be checked.  This
results in the elimination of a lot of code from drivers, and also gives
the opportunity to simplify a lot of drivers to use a helper API to set
the busmaster enable bit.

This changes fixes some recent reports of disk controllers and their
associated drives/enclosures disappearing during boot.

Submitted by:	jhb
Reviewed by:	jfv, marius, achadd, achim
MFC after:	1 day
2013-08-12 23:30:01 +00:00
mav
3d32e6b10c MFprojects/camlock r248982:
Stop abusing xpt_periph in random plases that really have no periph related
to CCB, for example, bus scanning.  NULL value is fine in such cases and it
is correctly logged in debug messages as "noperiph".  If at some point we
need some real XPT periphs (alike to pmpX now), quite likely they will be
per-bus, and not a single global instance as xpt_periph now.
2013-04-14 09:55:48 +00:00
will
528b271d19 FireWire: Don't allow a tlabel to reference an xfer after free.
sys/dev/firewire/firewire.c:
- fw_xfer_unload(): Since we are about to free this xfer, call fw_tl_free()
  to remove the xfer from its tlabel's list, if it has a tlabel.
- In every occasion when a xfer is removed from a tlabel's list, reset
  xfer->tl to -1 while holding fc->tlabel_lock, so that the xfer isn't
  mis-identified as belonging to a tlabel.

This doesn't fix all the use-after-free problems for M_FWMEM, but is an
incremental towards that goal.

Reviewed by:	kan, sbruno
Sponsored by:	Spectra Logic
2013-04-08 23:16:42 +00:00