Page MenuHomeFreeBSD
Differential D24489

Don't pass a user buffer pointer as the data pointer in a CCB.
ClosedPublic
Actions

Authored by jhb on Apr 18 2020, 8:22 PM.
Tags
None
Referenced Files
Unknown Object (File)
Jan 31 2024, 2:44 AM
Unknown Object (File)
Jan 14 2024, 3:02 AM
Unknown Object (File)
Dec 23 2023, 1:00 AM
Unknown Object (File)
Dec 14 2023, 3:56 PM
Unknown Object (File)
Dec 11 2023, 1:49 AM
Unknown Object (File)
Sep 26 2023, 11:40 AM
Unknown Object (File)
Sep 25 2023, 1:34 AM
Unknown Object (File)
Sep 15 2023, 5:03 PM
View All 30 Files
Subscribers
ken

Details

Reviewers
scottl
imp
brooks
Commits
rS360179: Don't pass a user buffer pointer as the data pointer in a CCB.
Summary

Allocate a temporary buffer in the kernel to serve as the CCB data
pointer for a pass-through transaction and using copyin/copyout to
shuffle the data to/from the user buffer.

Test Plan
  • compile tested only, found on CheriBSD where user and kernel pointers have different types, so conflating the two gives compile errors

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

jhb created this revision.Apr 18 2020, 8:22 PM
Harbormaster completed remote builds in B30596: Diff 70750.Apr 18 2020, 8:22 PM
imp added inline comments.Apr 18 2020, 9:15 PM
sys/cam/scsi/scsi_sg.c
633 ↗(On Diff #70750)

Dir & CAM_DIR_OUT?

brooks accepted this revision.Apr 20 2020, 5:08 PM

Modulo accepting or rejecting @imp's suggestion this looks good.

This revision is now accepted and ready to land.Apr 20 2020, 5:08 PM
jhb added inline comments.Apr 20 2020, 10:16 PM
sys/cam/scsi/scsi_sg.c
582 ↗(On Diff #70750)

That is why I changed this btw, because BOTH != IN | OUT.

633 ↗(On Diff #70750)

If only that would work. :(

From cam.h (and I don't know why this is so dumb):

	CAM_DIR_BOTH		= 0x00000000,/* Data direction (00:IN/OUT)    */
	CAM_DIR_IN		= 0x00000040,/* Data direction (01:DATA IN)   */
	CAM_DIR_OUT		= 0x00000080,/* Data direction (10:DATA OUT)  */
	CAM_DIR_NONE		= 0x000000C0,/* Data direction (11:no data)   */
	CAM_DIR_MASK		= 0x000000C0,/* Data direction Mask	      */
scottl added inline comments.Apr 21 2020, 3:12 PM
sys/cam/scsi/scsi_sg.c
633 ↗(On Diff #70750)

Then we should seriously consider changing this.

jhb added a subscriber: ken.Apr 21 2020, 5:51 PM
jhb added inline comments.
sys/cam/scsi/scsi_sg.c
633 ↗(On Diff #70750)

Hmm, rS216088 is when the 0 value was changed from RESERVED to BOTH. Maybe @ken has some thoughts?

jhb added a comment.Apr 21 2020, 5:52 PM

I do think if we change CAM_DIR_BOTH we should probably do that as a separate change from this though? Do we think this patch is ok given the current CAM_DIR_* values?

scottl accepted this revision.Apr 21 2020, 6:02 PM

Yep, can tackle the CAM_DIR problem separately.

ken added inline comments.Apr 21 2020, 6:06 PM
sys/cam/scsi/scsi_sg.c
633 ↗(On Diff #70750)

I added CAM_DIR_BOTH for SMP commands, because they are effectively bidirectional. The request was too big to allocate statically in the CCB.

The SCSI standard also defines bi-directional commands, at least with opcode 0x9D (Service Action Bi-Directional).

In other words, we can't remove bi-directional support, we need it in some form. This is also why it is typically written:

if ((ccb->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_X)

scottl added a comment.Apr 21 2020, 6:10 PM

The problem isn't the existence of bi-directional commands, it's that DIR_BOTH == 0, not an OR'ing of DIR_IN and DIR_OUT, as would be expected.

ken added a comment.Apr 21 2020, 6:14 PM
In D24489#539455, @scottl wrote:

The problem isn't the existence of bi-directional commands, it's that DIR_BOTH == 0, not an OR'ing of DIR_IN and DIR_OUT, as would be expected.

Well, CAM_DIR_NONE was defined as all 1's from the beginning. It was that way in the ANSI CAM spec. 0's was defined as CAM_DIR_RESV.

So that is why it is that way...

scottl added a comment.Apr 21 2020, 10:11 PM

Blah, but thanks for the history on it, I guess I never noticed before. I would be surprised if this hasn't caused bugs. There's no longer an active standards group, and even if there was I'd advocate that this is wrong. Let's follow up with a change on it.

imp added a comment.Apr 21 2020, 10:29 PM
In D24489#539551, @scottl wrote:

Blah, but thanks for the history on it, I guess I never noticed before. I would be surprised if this hasn't caused bugs. There's no longer an active standards group, and even if there was I'd advocate that this is wrong. Let's follow up with a change on it.

I'd love to change this too... but I worry about userland/kernel ABI changes being hard to transition...

Closed by commit rS360179: Don't pass a user buffer pointer as the data pointer in a CCB. (authored by jhb). · Explain WhyApr 21 2020, 11:39 PM
This revision was automatically updated to reflect the committed changes.
jhb added a commit: rS360179: Don't pass a user buffer pointer as the data pointer in a CCB..

Revision Contents
Changeset List

PathSize
head/
sys/
cam/
scsi/
27 lines

Diff 70863

View Options

head/sys/cam/scsi/scsi_sg.c

Loading...