diff options
author | scottl <scottl@FreeBSD.org> | 2007-01-02 04:12:34 +0000 |
---|---|---|
committer | scottl <scottl@FreeBSD.org> | 2007-01-02 04:12:34 +0000 |
commit | 0f8436a23942a04378386a08f52befcec6b0dff5 (patch) | |
tree | ba716f850dc122c72e48ba411ab3144833db1fb5 /sys/dev/mfi | |
parent | fae0d5498b875685564e3ff12f6788b49eff444d (diff) | |
download | FreeBSD-src-0f8436a23942a04378386a08f52befcec6b0dff5.zip FreeBSD-src-0f8436a23942a04378386a08f52befcec6b0dff5.tar.gz |
Make sure that all of the fields in the header are clean. It was possible for
unsafe flags to leak from one command to another.
Diffstat (limited to 'sys/dev/mfi')
-rw-r--r-- | sys/dev/mfi/mfi.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/sys/dev/mfi/mfi.c b/sys/dev/mfi/mfi.c index 77a8e32..9a14eae 100644 --- a/sys/dev/mfi/mfi.c +++ b/sys/dev/mfi/mfi.c @@ -446,17 +446,21 @@ mfi_release_command(struct mfi_command *cm) /* * Zero out the important fields of the frame, but make sure the - * context field is preserved + * context field is preserved. For efficiency, handle the fields + * as 32 bit words. Clear out the first S/G entry too for safety. */ - hdr_data = (uint32_t *)cm->cm_frame; - hdr_data[0] = 0; - hdr_data[1] = 0; - hdr = &cm->cm_frame->header; if (hdr->sg_count) { cm->cm_sg->sg32[0].len = 0; cm->cm_sg->sg32[0].addr = 0; } + + hdr_data = (uint32_t *)cm->cm_frame; + hdr_data[0] = 0; /* cmd, sense_len, cmd_status, scsi_status */ + hdr_data[1] = 0; /* target_id, lun_id, cdb_len, sg_count */ + hdr_data[4] = 0; /* flags, timeout */ + hdr_data[5] = 0; /* data_len */ + cm->cm_extra_frames = 0; cm->cm_flags = 0; cm->cm_complete = NULL; |