From 45fceedf87551552abcf1c6dec976df792907c13 Mon Sep 17 00:00:00 2001 From: Warner Losh Date: Mon, 11 Nov 2019 17:36:57 +0000 Subject: [PATCH] Add asserts for some state transitions For the PROBEWP and PROBERC* states, add assertiosn that both the da device state is in the right state, as well as the ccb state is the right one when we enter dadone_probe{wp,rc}. This will ensure that we don't sneak through when we're re-probing the size and write protection status of the device and thereby leak a reference which can later lead to an invalidated peripheral going away before all references are released (and resulting panic). Reviewed by: scottl, ken Differential Revision: https://reviews.freebsd.org/D22295 --- sys/cam/scsi/scsi_da.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/sys/cam/scsi/scsi_da.c b/sys/cam/scsi/scsi_da.c index 913d015eecd..2d3ab971628 100644 --- a/sys/cam/scsi/scsi_da.c +++ b/sys/cam/scsi/scsi_da.c @@ -4613,6 +4613,14 @@ dadone_probewp(struct cam_periph *periph, union ccb *done_ccb) cam_periph_assert(periph, MA_OWNED); + KASSERT(softc->state == DA_STATE_PROBE_WP, + ("State (%d) not PROBE_WP in dadone_probewp, periph %p ccb %p", + softc->state, periph, done_ccb)); + KASSERT((csio->ccb_h.ccb_state & DA_CCB_TYPE_MASK) == DA_CCB_PROBE_WP, + ("CCB State (%lu) not PROBE_WP in dadone_probewp, periph %p ccb %p", + (unsigned long)csio->ccb_h.ccb_state & DA_CCB_TYPE_MASK, periph, + done_ccb)); + if (softc->minimum_cmd_size > 6) { mode_hdr10 = (struct scsi_mode_header_10 *)csio->data_ptr; dev_spec = mode_hdr10->dev_spec; @@ -4673,6 +4681,13 @@ dadone_proberc(struct cam_periph *periph, union ccb *done_ccb) csio = &done_ccb->csio; state = csio->ccb_h.ccb_state & DA_CCB_TYPE_MASK; + KASSERT(softc->state == DA_STATE_PROBE_RC || softc->state == DA_STATE_PROBE_RC16, + ("State (%d) not PROBE_RC* in dadone_proberc, periph %p ccb %p", + softc->state, periph, done_ccb)); + KASSERT(state == DA_CCB_PROBE_RC || state == DA_CCB_PROBE_RC16, + ("CCB State (%lu) not PROBE_RC* in dadone_probewp, periph %p ccb %p", + (unsigned long)state, periph, done_ccb)); + lbp = 0; rdcap = NULL; rcaplong = NULL;