| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 3 Aug 2012 11:28:43 +0900 From: Chanho Min <chanho0207@...il.com> To: James Bottomley <James.Bottomley@...senpartnership.com> Cc: linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org, Jens Axboe <axboe@...nel.dk>, Tejun Heo <tj@...nel.org> Subject: Re: [PATCH] fix NULL-pointer dereference on scsi_run_queue > Does it occur with that patch applied? I'm trying to reproduce it with that patch. but, It is unlikely to be fixed. because scsi_run_queue is invoked from scsi_requeue_run_queue, not scsi_requeue_command. > If it does, the likely fix would be to take a copy of the queue ... but > I'd like to understand why first. An active command has an automatic > reference to the sdev_gendev, so it shouldn't be the normal case. This > was broken by unprep because it releases the command from the queue and > drops the reference. We may have another case like unjprep, but in that __scsi_remove_device drops the last reference under race condition. > case, we need to find it ... trying to add extra get/put_device() calls > will paper over the problem. yes, extra reference is not good to fix. But, As long as scsi_device_dev_release_usercontext set request_queue to NULL, Isn't it necessary to ensure that __blk_run_queue don't release device? Thanks a lot! Chanho Min -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists