Make sure that all of the fields in the header are clean. It was possible for

unsafe flags to leak from one command to another.
author: scottl <scottl@FreeBSD.org> 2007-01-02 04:12:34 +0000
committer: scottl <scottl@FreeBSD.org> 2007-01-02 04:12:34 +0000
commit: 0f8436a23942a04378386a08f52befcec6b0dff5 (patch)
tree: ba716f850dc122c72e48ba411ab3144833db1fb5 /sys/dev/mfi
parent: fae0d5498b875685564e3ff12f6788b49eff444d (diff)
download: FreeBSD-src-0f8436a23942a04378386a08f52befcec6b0dff5.zip
FreeBSD-src-0f8436a23942a04378386a08f52befcec6b0dff5.tar.gz
1 files changed, 9 insertions, 5 deletions
diff --git a/sys/dev/mfi/mfi.c b/sys/dev/mfi/mfi.c
index 77a8e32..9a14eae 100644
--- a/sys/dev/mfi/mfi.c
+++ b/sys/dev/mfi/mfi.c
@@ -446,17 +446,21 @@ mfi_release_command(struct mfi_command *cm)
 
 	/*
 	 * Zero out the important fields of the frame, but make sure the
-	 * context field is preserved
+	 * context field is preserved.  For efficiency, handle the fields
+	 * as 32 bit words.  Clear out the first S/G entry too for safety.
 	 */
-	hdr_data = (uint32_t *)cm->cm_frame;
-	hdr_data[0] = 0;
-	hdr_data[1] = 0;
-
 	hdr = &cm->cm_frame->header;
 	if (hdr->sg_count) {
 		cm->cm_sg->sg32[0].len = 0;
 		cm->cm_sg->sg32[0].addr = 0;
 	}
+
+	hdr_data = (uint32_t *)cm->cm_frame;
+	hdr_data[0] = 0;	/* cmd, sense_len, cmd_status, scsi_status */
+	hdr_data[1] = 0;	/* target_id, lun_id, cdb_len, sg_count */
+	hdr_data[4] = 0;	/* flags, timeout */
+	hdr_data[5] = 0;	/* data_len */
+
 	cm->cm_extra_frames = 0;
 	cm->cm_flags = 0;
 	cm->cm_complete = NULL;
author	scottl <scottl@FreeBSD.org>	2007-01-02 04:12:34 +0000
committer	scottl <scottl@FreeBSD.org>	2007-01-02 04:12:34 +0000
commit	0f8436a23942a04378386a08f52befcec6b0dff5 (patch)
tree	ba716f850dc122c72e48ba411ab3144833db1fb5 /sys/dev/mfi
parent	fae0d5498b875685564e3ff12f6788b49eff444d (diff)
download	FreeBSD-src-0f8436a23942a04378386a08f52befcec6b0dff5.zip FreeBSD-src-0f8436a23942a04378386a08f52befcec6b0dff5.tar.gz