| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 29 May 2014 16:48:47 -0400 From: Joe Lawrence <joe.lawrence@...atus.com> To: <linux-kernel@...r.kernel.org> CC: Jens Axboe <axboe@...nel.dk>, Joe Lawrence <joe.lawrence@...atus.com> Subject: [PATCH 0/2] block,scsi: fixup blk_get_request dead queue scenarios Hello Jens, This bug was originally reported against 3.10 and still exists in 3.15-rc5 [1] [2]. These changes were tested on-top of 3.15-rc5 with user-program that opens a CD device, its media is removed, and then the program issues a CDROMEJECT ioctl. Without this change, the kernel can crash in sg_scsi_ioctl on NULL request pointer. The first patch adds return checking to a few blk_get_request callers. The second patch is much larger, modifying the return value to include an ERR_PTR to indicate failure reason. I didn't touch any of the IDE callers save one since all but that one assume success. As such, the first can be merged without the second if the change is considered too dangerous. Feel free to drop any changes to files (like paride/pd.c) if they're considered deprecated. [1] http://thread.gmane.org/gmane.linux.scsi/80934 [2] http://thread.gmane.org/gmane.linux.kernel/1502882 Joe Lawrence (2): block,scsi: verify return pointer from blk_get_request block,scsi: convert and handle ERR_PTR from blk_get_request block/blk-core.c | 34 ++++++++++++++--------------- block/bsg.c | 8 +++---- block/scsi_ioctl.c | 13 ++++++++--- drivers/block/paride/pd.c | 2 ++ drivers/block/pktcdvd.c | 2 ++ drivers/block/sx8.c | 2 +- drivers/cdrom/cdrom.c | 4 ++-- drivers/ide/ide-park.c | 2 +- drivers/scsi/device_handler/scsi_dh_alua.c | 2 +- drivers/scsi/device_handler/scsi_dh_emc.c | 2 +- drivers/scsi/device_handler/scsi_dh_hp_sw.c | 4 ++-- drivers/scsi/device_handler/scsi_dh_rdac.c | 2 +- drivers/scsi/osd/osd_initiator.c | 4 ++-- drivers/scsi/osst.c | 2 +- drivers/scsi/scsi_error.c | 2 ++ drivers/scsi/scsi_lib.c | 2 +- drivers/scsi/scsi_tgt_lib.c | 2 +- drivers/scsi/sg.c | 4 ++-- drivers/scsi/st.c | 2 +- drivers/target/target_core_pscsi.c | 2 +- 20 files changed, 55 insertions(+), 42 deletions(-) -- 1.8.3.1 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists