| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 31 Dec 2009 09:53:19 +0200 From: Boaz Harrosh <bharrosh@...asas.com> To: James Bottomley <James.Bottomley@...e.de>, linux-scsi <linux-scsi@...r.kernel.org>, open-osd <osd-dev@...n-osd.org>, Benny Halevy <bhalevy@...asas.com>, Alan Stern <stern@...land.harvard.edu> CC: Stable Tree <stable@...nel.org>, Linux Kernel <linux-kernel@...r.kernel.org> Subject: Re: [osd-dev] [PATCH] scsi_lib: Bug in completion of bidi commands On 12/15/2009 05:25 PM, Boaz Harrosh wrote: > > Because of the terrible structuring of scsi-bidi-commands > it breaks some of the life time rules of a scsi-command. > It is now not allowed to free up the block-request before > cleanup and partial deallocation of the scsi-command. (Which > is not so for none bidi commands) > > The right fix to this problem would be to make bidi command > a first citizen by allocating a scsi_sdb pointer at scsi command > just like cmd->prot_sdb. The bidi sdb should be allocated/deallocated > as part of the get/put_command (Again like the prot_sdb) and the > current decoupling of scsi_cmnd and blk-request should be kept. > > For now make sure scsi_release_buffers() is called before the > call to blk_end_request_all() which might cause the suicide of > the block requests. At best the leak of bidi buffers, at worse > a crash, as there is a race between the existence of the bidi_request > and the free of the associated bidi_sdb. > > The reason this was never hit before is because only OSD has the potential > of doing asynchronous bidi commands. (So does bsg but it is never used) > And OSD clients just happen to do all their bidi commands synchronously, up > until recently. > > CC: Stable Tree <stable@...nel.org> > Signed-off-by: Boaz Harrosh <bharrosh@...asas.com> James hi. What about this BUG. It affects anybody doing bidi commands. The possibilities are an sglist leak at best, and a crash at worse. I understand this code needs cleanup, but first things first. Lets first fix the bug, which should also go to stable. Then the cleanup can go to next merge window. BTW: Should I attempt a cleanup on current code, or should I wait for Alan's Patch to go in first? Thanks Boaz > --- > drivers/scsi/scsi_lib.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c > index 5987da8..bc9a881 100644 > --- a/drivers/scsi/scsi_lib.c > +++ b/drivers/scsi/scsi_lib.c > @@ -749,9 +749,9 @@ void scsi_io_completion(struct scsi_cmnd *cmd, unsigned int good_bytes) > */ > req->next_rq->resid_len = scsi_in(cmd)->resid; > > + scsi_release_buffers(cmd); > blk_end_request_all(req, 0); > > - scsi_release_buffers(cmd); > scsi_next_command(cmd); > return; > } -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists