lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 25 May 2011 15:52:16 -0400 (EDT)
From:	Parag Warudkar <parag.lkml@...il.com>
To:	Jens Axboe <jaxboe@...ionio.com>
cc:	Linus Torvalds <torvalds@...ux-foundation.org>,
	Parag Warudkar <parag.lkml@...il.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"James.Bottomley@...senpartnership.com" 
	<James.Bottomley@...senpartnership.com>,
	"akpm@...ux-foundation.org" <akpm@...ux-foundation.org>,
	Linux SCSI List <linux-scsi@...r.kernel.org>
Subject: Re: [PATCH] SCSI IOCTL: Check for device deletion [was Re: 
 __elv_add_request OOPS]



On Wed, 25 May 2011, Jens Axboe wrote:

> I don't think we can move it earlier, we essentially have to do the
> check at both ends. The "normal" IO path would see that the queue is
> dead and error the IO, but this is an internal setup that sets up the
> request and then adds it to the stored queue pointer. So it needs to
> check this state one way or the other. I think the above fix with the
> sdev_alive() will be good enough.
> 

If I understood it right we need checks in both places (kind of makes 
sense as the device could be gone *after* we checked in ioctl function and 
before the request queue was dereferenced). So here is the ioctl check 
with a helper function for state check that Linus asked for.

Signed-off-by: Parag Warudkar <parag.lkml@...il.com>

diff --git a/drivers/scsi/scsi_ioctl.c b/drivers/scsi/scsi_ioctl.c
index d9564fb..8615e63 100644
--- a/drivers/scsi/scsi_ioctl.c
+++ b/drivers/scsi/scsi_ioctl.c
@@ -30,6 +30,13 @@
 
 #define MAX_BUF PAGE_SIZE
 
+static inline int sdev_early_check(struct scsi_device *sdev)
+{
+	if (!sdev || sdev->sdev_state == SDEV_DEL
+		|| sdev->sdev_state > SDEV_QUIESCE)
+		return -ENXIO;
+	return 0;
+}
 /**
  * ioctl_probe  --  return host identification
  * @host:	host to identify
@@ -91,6 +98,10 @@ static int ioctl_internal_command(struct scsi_device *sdev, char *cmd,
 	int result;
 	struct scsi_sense_hdr sshdr;
 
+	result = sdev_early_check(sdev);
+	if (result)
+		return result;
+
 	SCSI_LOG_IOCTL(1, printk("Trying ioctl with scsi command %d\n", *cmd));
 
 	result = scsi_execute_req(sdev, cmd, DMA_NONE, NULL, 0,
@@ -194,10 +205,11 @@ static int scsi_ioctl_get_pci(struct scsi_device *sdev, void __user *arg)
 int scsi_ioctl(struct scsi_device *sdev, int cmd, void __user *arg)
 {
 	char scsi_cmd[MAX_COMMAND_SIZE];
+	int result;
 
-	/* No idea how this happens.... */
-	if (!sdev)
-		return -ENXIO;
+	result = sdev_early_check(sdev);
+	if (result)
+		return result;
 
 	/*
 	 * If we are in the middle of error recovery, don't let anyone
@@ -288,6 +300,10 @@ int scsi_nonblockable_ioctl(struct scsi_device *sdev, int cmd,
 {
 	int val, result;
 
+	result = sdev_early_check(sdev);
+	if (result)
+		return result;
+
 	/* The first set of iocts may be executed even if we're doing
 	 * error processing, as long as the device was opened
 	 * non-blocking */
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ