300547 |
24-May-2016 |
truckman |
Fix multiple Coverity Out-of-bounds access false positive issues in CAM
The currently used idiom for clearing the part of a ccb after its header generates one or two Coverity errors for each time it is used. All instances generate an Out-of-bounds access (ARRAY_VS_SINGLETON) error because of the treatment of the header as a two element array, with a pointer to the non-existent second element being passed as the starting address to bzero(). Some instances also generate Out-of-bounds access (OVERRUN) errors, probably because the space being cleared is larger than the sizeof(struct ccb_hdr).
In addition, this idiom is difficult for humans to understand and it is error prone. The user has to choose the proper struct ccb_* type (which does not appear in the surrounding code) for the sizeof() in the length calculation. I found several instances where the length was incorrect, which could cause either an actual out of bounds write, or incompletely clear the ccb.
A better way is to write the code to clear the ccb itself starting at sizeof(ccb_hdr) bytes from the start of the ccb, and calculate the length based on the specific type of struct ccb_* being cleared as specified by the union ccb member being used. The latter can normally be seen in the nearby code. This is friendlier for Coverity and other static analysis tools because they will see that the intent is to clear the trailing part of the ccb.
Wrap all of the boilerplate code in a convenient macro that only requires a pointer to the desired union ccb member (or a pointer to the union ccb itself) as an argument.
Reported by: Coverity
CID: 1007578, 1008684, 1009724, 1009773, 1011304, 1011306
CID: 1011307, 1011308, 1011309, 1011310, 1011311, 1011312
CID: 1011313, 1011314, 1011315, 1011316, 1011317, 1011318
CID: 1011319, 1011320, 1011321, 1011322, 1011324, 1011325
CID: 1011326, 1011327, 1011328, 1011329, 1011330, 1011374
CID: 1011390, 1011391, 1011392, 1011393, 1011394, 1011395
CID: 1011396, 1011397, 1011398, 1011399, 1011400, 1011401
CID: 1011402, 1011403, 1011404, 1011405, 1011406, 1011408
CID: 1011409, 1011410, 1011411, 1011412, 1011413, 1011414
CID: 1017461, 1018387, 1086860, 1086874, 1194257, 1229897
CID: 1229968, 1306229, 1306234, 1331282, 1331283, 1331294
CID: 1331295, 1331535, 1331536, 1331539, 1331540, 1341623
CID: 1341624, 1341637, 1341638, 1355264, 1355324
Reviewed by: scottl, ken, delphij, imp
MFH: 1 month
Differential Revision: https://reviews.freebsd.org/D6496
|
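The two failure modes named in the r300547 message (an incomplete clear and an overrun from naming the wrong struct), next to a clear whose length follows the member used. This is an added example, not FreeBSD's code: the structs are toy stand-ins for the CAM types, `CLEAR_AFTER_HDR` is a hypothetical macro name, and `memset` stands in for `bzero`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy stand-ins for the CAM types, constructed for this example. */
struct ccb_hdr   { uint32_t func_code; uint32_t status; };
struct ccb_small { struct ccb_hdr ccb_h; uint8_t tag; };
struct ccb_large { struct ccb_hdr ccb_h; uint8_t data[64]; };
union ccb {
	struct ccb_hdr   ccb_h;
	struct ccb_small small;
	struct ccb_large large;
};

/* Hypothetical macro name: start sizeof(ccb_h) bytes into *ccbp and take the
 * length from the type of the pointer that was passed in. */
#define CLEAR_AFTER_HDR(ccbp)					\
	memset((char *)(ccbp) + sizeof((ccbp)->ccb_h), 0,	\
	    sizeof(*(ccbp)) - sizeof((ccbp)->ccb_h))

/* Bytes the old idiom would write past a ccb_small if ccb_large were named. */
#define OLD_OVERRUN (sizeof(struct ccb_large) - sizeof(struct ccb_small))

/* Old idiom (memset stands in for bzero): the caller names a struct by hand
 * and the header is treated as a two-element array. */
static void old_clear(union ccb *ccb, size_t named_size)
{
	memset(&(&ccb->ccb_h)[1], 0, named_size - sizeof(struct ccb_hdr));
}

/* Fill a ccb with stale bytes, clear it, count nonzero bytes after the header. */
static size_t leftover(int use_macro)
{
	union ccb c;
	const unsigned char *p = (const unsigned char *)&c;
	size_t i, n = 0;

	memset(&c, 0xAA, sizeof(c));
	c.ccb_h.func_code = 7;
	if (use_macro)
		CLEAR_AFTER_HDR(&c.large);	/* length follows the member used */
	else
		old_clear(&c, sizeof(struct ccb_small));	/* wrong type named */
	for (i = sizeof(c.ccb_h); i < sizeof(c); i++)
		n += (p[i] != 0);
	return c.ccb_h.func_code == 7 ? n : (size_t)-1;
}

int main(void)
{
	printf("old idiom leaves %zu stale bytes, macro leaves %zu, overrun %zu\n",
	    leftover(0), leftover(1), (size_t)OLD_OVERRUN);
	return 0;
}
```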
216088 |
30-Nov-2010 |
ken |
Add Serial Management Protocol (SMP) passthrough support to CAM.
This includes support in the kernel, camcontrol(8), libcam and the mps(4) driver for SMP passthrough.
The CAM SCSI probe code has been modified to fetch Inquiry VPD page 0x00 to determine supported pages, and will now fetch page 0x83 in addition to page 0x80 if supported.
Add two new CAM CCBs, XPT_SMP_IO, and XPT_GDEV_ADVINFO. The SMP CCB is intended for SMP requests and responses. The ADVINFO is currently used to fetch cached VPD page 0x83 data from the transport layer, but is intended to be extensible to fetch other types of device-specific data.
SMP-only devices are not currently represented in the CAM topology, and so the current semantics are that the SIM will route SMP CCBs to either the addressed device, if it contains an SMP target, or its parent, if it contains an SMP target. (This is noted in cam_ccb.h, since it will change later once we have the ability to have SMP-only devices in CAM's topology.)
smp_all.c, smp_all.h: New helper routines for SMP. This includes SMP request building routines, response parsing routines, error decoding routines, and structure definitions for a number of SMP commands.
libcam/Makefile: Add smp_all.c to libcam, so that SMP functionality is available to userland applications.
camcontrol.8, camcontrol.c: Add smp passthrough support to camcontrol. Several new subcommands are now available:
'smpcmd' functions much like 'cmd', except that it allows the user to send generic SMP commands.
'smprg' sends the SMP report general command, and displays the decoded output. It will automatically fetch extended output if it is available.
'smppc' sends the SMP phy control command, with any number of potential options. Among other things, this allows the user to reset a phy on a SAS expander, or disable a phy on an expander.
'smpmaninfo' sends the SMP report manufacturer information and displays the decoded output.
'smpphylist' displays a list of phys on an expander, and the CAM devices attached to those phys, if any.
cam.h, cam.c: Add a status value for SMP errors (CAM_SMP_STATUS_ERROR).
Add a missing description for CAM_SCSI_IT_NEXUS_LOST.
Add support for SMP commands to cam_error_string().
cam_ccb.h: Rename the CAM_DIR_RESV flag to CAM_DIR_BOTH. SMP commands are by nature bi-directional, and we may need to support bi-directional SCSI commands later.
Add the XPT_SMP_IO CCB. Since SMP commands are bi-directional, there are pointers for both the request and response.
Add a fill routine for SMP CCBs.
Add the XPT_GDEV_ADVINFO CCB. This is currently used to fetch cached page 0x83 data from the transport layer, but is extensible to fetch many other types of data.
cam_periph.c: Add support in cam_periph_mapmem() for XPT_SMP_IO and XPT_GDEV_ADVINFO CCBs.
cam_xpt.c: Add support for executing XPT_SMP_IO CCBs.
cam_xpt_internal.h: Add fields for VPD pages 0x00 and 0x83 in struct cam_ed.
scsi_all.c: Add scsi_get_sas_addr(), a function that parses VPD page 0x83 data and pulls out a SAS address.
scsi_all.h: Add VPD page 0x00 and 0x83 structures, and a prototype for scsi_get_sas_addr().
scsi_pass.c: Add support for mapping buffers in XPT_SMP_IO and XPT_GDEV_ADVINFO CCBs.
scsi_xpt.c: In the SCSI probe code, first ask the device for VPD page 0x00. If any VPD pages are supported, that page is required to be implemented. Based on the response, we may probe for the serial number (page 0x80) or device id (page 0x83).
Add support for the XPT_GDEV_ADVINFO CCB.
sys/conf/files: Add smp_all.c.
mps.c: Add support for passing in a uio in mps_map_command(), so we can map a S/G list at once.
Add support for SMP passthrough commands in mps_data_cb(). SMP is a special case, because the first buffer in the S/G list is outbound and the second buffer is inbound.
Add support for warning the user if the busdma code comes back with more buffers than will work for the command. This will, for example, help the user determine why an SMP command failed if busdma comes back with three buffers.
mps_pci.c: Add sys/uio.h.
mps_sas.c: Add the SAS address and the parent handle to the list of fields we pull from device page 0 and cache in struct mpssas_target. These are needed for SMP passthrough.
Add support for the XPT_SMP_IO CCB. For now, this CCB is routed to the addressed device if it supports SMP, or to its parent if it does not and the parent does. This is necessary because CAM does not currently support SMP-only nodes in the topology.
Make SMP passthrough support conditional on __FreeBSD_version >= 900026. This will make it easier to MFC this change to the driver without MFCing the CAM changes as well.
mps_user.c: Un-staticize mpi_init_sge() so we can use it for the SMP passthrough code.
mpsvar.h: Add a uio and iovecs into struct mps_command for SMP passthrough commands.
Add a cm_max_segs field to struct mps_command so that we can warn the user if busdma comes back with too many segments.
Clear the cm_reply when a command gets freed. If it is not cleared, reply frames will eventually get freed into the pool multiple times and corrupt the pool. (This fix is from scottl.)
Add a prototype for mpi_init_sge().
sys/param.h: Bump __FreeBSD_version to 900026 for the inclusion of the XPT_GDEV_ADVINFO and XPT_SMP_IO CAM CCBs.
|
195534 |
10-Jul-2009 |
scottl |
Separate the parallel scsi knowledge out of the core of the XPT, and modularize it so that new transports can be created.
Add a transport for SATA
Add a periph+protocol layer for ATA
Add a driver for AHCI-compliant hardware.
Add a maxio field to CAM so that drivers can advertise their max I/O capability. Modify various drivers so that they are insulated from the value of MAXPHYS.
The new ATA/SATA code supports AHCI-compliant hardware, and will override the classic ATA driver if it is loaded as a module at boot time or compiled into the kernel. The stack now supports NCQ (tagged queueing) for increased performance on modern SATA drives. It also supports port multipliers.
ATA drives are accessed via 'ada' device nodes. ATAPI drives are accessed via 'cd' device nodes. They can all be enumerated and manipulated via camcontrol, just like SCSI drives. SCSI commands are not translated to their ATA equivalents; ATA native commands are used throughout the entire stack, including camcontrol. See the camcontrol manpage for further details. Testing this code may require that you update your fstab, and possibly modify your BIOS to enable AHCI functionality, if available.
This code is very experimental at the moment. The userland ABI/API has changed, so applications will need to be recompiled. It may change further in the near future. The 'ada' device name may also change as more infrastructure is completed in this project. The goal is to eventually put all CAM busses and devices under newbus, allowing for interesting topology and management options.
Few functional changes will be seen with existing SCSI/SAS/FC drivers, though the userland ABI has still changed. In the future, transport-specific modules for SAS and FC may appear in order to better support the topologies and capabilities of these technologies.
The modularization of CAM and the addition of the ATA/SATA modules is meant to break CAM out of the mold of being specific to SCSI, letting it grow to be a framework for arbitrary transports and protocols. It also allows drivers to be written to support discrete hardware without jeopardizing the stability of non-related hardware. While only an AHCI driver is provided now, a Silicon Image driver is also in the works. Drivers for ICH1-4, ICH5-6, PIIX, classic IDE, and any other hardware are possible and encouraged. Help with new transports is also encouraged.
Submitted by: scottl, mav
Approved by: re
|
74840 |
27-Mar-2001 |
ken |
Rewrite of the CAM error recovery code.
Some of the major changes include:
- The SCSI error handling portion of cam_periph_error() has been broken out into a number of subfunctions to better modularize the code that handles the hierarchy of SCSI errors. As a result, the code is now much easier to read.
- String handling and error printing has been significantly revamped. We now use sbufs to do string formatting instead of using printfs (for the kernel) and snprintf/strncat (for userland) as before.
There is a new catchall error printing routine, cam_error_print() and its string-based counterpart, cam_error_string() that allow the kernel and userland applications to pass in a CCB and have errors printed out properly, whether or not they're SCSI errors. Among other things, this helped eliminate a fair amount of duplicate code in camcontrol.
We now print out more information than before, including the CAM status and SCSI status and the error recovery action taken to remedy the problem.
- sbufs are now available in userland, via libsbuf. This change was necessary since most of the error printing code is shared between libcam and the kernel.
- A new transfer settings interface is included in this checkin. This code is #ifdef'ed out, and is primarily intended to aid discussion with HBA driver authors on the final form the interface should take. There is example code in the ahc(4) driver that implements the HBA driver side of the new interface. The new transfer settings code won't be enabled until we're ready to switch all HBA drivers over to the new interface.
src/Makefile.inc1, lib/Makefile: Add libsbuf. It must be built before libcam, since libcam uses sbuf routines.
libcam/Makefile: libcam now depends on libsbuf.
libsbuf/Makefile: Add a makefile for libsbuf. This pulls in the sbuf sources from sys/kern.
bsd.libnames.mk: Add LIBSBUF.
camcontrol/Makefile: Add -lsbuf. Since camcontrol is statically linked, we can't depend on the dynamic linker to pull in libsbuf.
camcontrol.c: Use cam_error_print() instead of checking for CAM_SCSI_STATUS_ERROR on every failed CCB.
sbuf.9: Change the prototypes for sbuf_cat() and sbuf_cpy() so that the source string is now a const char *. This is more in line with the standard system string functions, and helps eliminate warnings when dealing with a const source buffer.
Fix a typo.
cam.c: Add description strings for the various CAM error status values, as well as routines to look up those strings.
Add new cam_error_string() and cam_error_print() routines for userland and the kernel.
cam.h: Add a new CAM flag, CAM_RETRY_SELTO.
Add enumerated types for the various options available with cam_error_print() and cam_error_string().
cam_ccb.h: Add new transfer negotiation structures/types.
Change inq_len in the ccb_getdev structure to be "reserved". This field has never been filled in, and will be removed when we next bump the CAM version.
cam_debug.h: Fix typo.
cam_periph.c: Modularize cam_periph_error(). The SCSI error handling part of cam_periph_error() is now in camperiphscsistatuserror() and camperiphscsisenseerror().
In cam_periph_lock(), increase the reference count on the periph while we wait for our lock attempt to succeed so that the periph won't go away while we're sleeping.
cam_xpt.c: Add new transfer negotiation code. (ifdefed out)
Add a new function, xpt_path_string(). This is a string/sbuf analog to xpt_print_path().
scsi_all.c: Revamp string handling and error printing code. We now use sbufs for much of the string formatting code. More of that code is shared between userland and the kernel.
scsi_all.h: Get rid of SS_TURSTART, it wasn't terribly useful in the first place.
Add a new error action, SS_REQSENSE. (Send a request sense and then retry the command.) This is useful when the controller hasn't performed autosense for some reason.
Change the default actions around a bit.
scsi_cd.c, scsi_da.c, scsi_pt.c, scsi_ses.c: SF_RETRY_SELTO -> CAM_RETRY_SELTO. Selection timeouts shouldn't be covered by a sense flag.
scsi_pass.[ch]: SF_RETRY_SELTO -> CAM_RETRY_SELTO.
Get rid of the last vestiges of a read/write interface.
libkern/bsearch.c, sys/libkern.h, conf/files: Add bsearch.c, which is needed for some of the new table lookup routines.
aic7xxx_freebsd.c: Define AHC_NEW_TRAN_SETTINGS if CAM_NEW_TRAN_CODE is defined.
sbuf.h, subr_sbuf.c: Add the appropriate #ifdefs so sbufs can compile and run in userland.
Change sbuf_printf() to use vsnprintf() instead of kvprintf(), which is only available in the kernel.
Change the source string for sbuf_cpy() and sbuf_cat() to be a const char *.
Add __BEGIN_DECLS and __END_DECLS around function prototypes since they're now exported to userland.
kdump/mkioctls: Include stdio.h before cam.h since cam.h now includes a function with a FILE * argument.
Submitted by: gibbs (mostly)
Reviewed by: jdp, marcel (libsbuf makefile changes)
Reviewed by: des (sbuf changes)
Reviewed by: ken
|
64382 |
08-Aug-2000 |
kbyanc |
This is an overhaul of the mode page handling in camcontrol as well as related patches. These include:
* Mode page editing can be scripted. This involves two things: first, if stdin is not a tty, changes are read from stdin rather than invoking $EDITOR. Second, and more importantly, not all modepage entries must be included in the change set. This means that camcontrol can now gracefully handle more intrusive editing from the $EDITOR, including removal or rearrangement of lines. It also means that you can do stuff like:
    # echo "WCE: 1" | camcontrol modepage da3 -m 8 -e
    # newfs /dev/da3
    # echo "WCE: 0" | camcontrol modepage da3 -m 8 -e
* Range-checking on user-supplied input values. modeedit.c now uses the field width specifiers to determine the maximum allowable value for a field. If the user enters a value larger than the maximum, it clips the value to the max and warns the user. This also involved patching cam_cmdparse.c to be more consistent with regards to the "count" parameter to arg_put (previously it was the length of strings and 1 for all integral types). The cam_cdbparse(3) man page was also updated to reflect the revised semantics.
* In the process, I removed the 64 entry limit on mode pages (not that we were even close to hitting that limit). This was a nice side-effect of the other changes.
* Technically, the new mode editing functionality allows editing of character array entries in mode pages (type 'c' or 'z'), however since buff_encode doesn't grok them it is currently useless.
* Camcontrol gained two new options related to mode pages: -l and -b. The former lists all available mode pages for a given device. The latter forces mode page display in binary format (the default when no mode page definition was found in scsi_modes).
* Added support for mode page names to scsi_modes. Allows names to be displayed alongside mode numbers in the mode page listing. Updated scsi_modes to use the new functionality. This also adds the semicolon into the scsi_modes syntax as an optional mode page definition terminator. This is needed to name pages without providing a page format definition.
* Updated scsi_all.h to include a structure describing mode page headers.
* Added $FreeBSD$ line to scsi_modes.
Inspired by: dwhite
Reviewed by: ken
|
60767 |
21-May-2000 |
ken |
Implement a new camcontrol function, 'camcontrol format'.
libcam/Makefile: Add scsi_da.c to libcam for the new scsi_format_unit() function.
camcontrol.8: Update the man page for the new format functionality, and take out the examples section describing how to do it with 'camcontrol cmd'.
camcontrol.c: New format functionality. Note that unlike the rest of the camcontrol subcommands, this one is interactive by default. Because of the potential destructiveness of the format command, I thought it necessary to get confirmation from the user before spamming a disk. You can disable the interactive behavior, and the status meter with command line arguments.
scsi_da.c: Add the new scsi_format_unit() cdb building function and use #ifdef _KERNEL to make this file compile in both the kernel and userland. The format unit function is currently only defined in the non-kernel case, because nothing in the kernel is using it. If that changes, it should be un-ifdefed and compiled in both cases.
scsi_da.h: New function declaration, CDB structure and format data structures.
Thanks to Nick Hibma for providing some valuable input on these changes.
|