From: Bart Van Assche <bart.vanassche@sandisk.com>
To: "Martin K . Petersen" <martin.petersen@oracle.com>,
	James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: <linux-scsi@vger.kernel.org>,
	Bart Van Assche <bart.vanassche@sandisk.com>,
	Christoph Hellwig <hch@lst.de>, Omar Sandoval <osandov@fb.com>,
	Hannes Reinecke <hare@suse.com>, <linux-block@vger.kernel.org>
Subject: [PATCH 02/18] bsg: Check private request size before attaching to a queue
Date: Fri, 19 May 2017 11:30:00 -0700
Message-ID: <20170519183016.12646-3-bart.vanassche@sandisk.com>
In-Reply-To: <20170519183016.12646-1-bart.vanassche@sandisk.com>

Since BSG only supports request queues for which struct scsi_request
is the first member of their private request data, refuse to register
block layer queues for which the private data is smaller than struct
scsi_request.

References: commit bd1599d931ca ("scsi_transport_sas: fix BSG ioctl memory corruption")
References: commit 82ed4db499b8 ("block: split scsi_request out of struct request")
Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Omar Sandoval <osandov@fb.com>
Cc: Hannes Reinecke <hare@suse.com>
Cc: linux-block@vger.kernel.org
---
 block/bsg.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/block/bsg.c b/block/bsg.c
index 6fd08544d77e..5ccecc9855ac 100644
--- a/block/bsg.c
+++ b/block/bsg.c
@@ -750,6 +750,12 @@ static struct bsg_device *bsg_add_device(struct inode *inode,
 #ifdef BSG_DEBUG
 	unsigned char buf[32];
 #endif
+
+	if (blk_queue_cmd_size(rq) < sizeof(struct scsi_request)) {
+		WARN_ONCE(true, "Attempt to register a non-SCSI queue\n");
+		return ERR_PTR(-EINVAL);
+	}
+
 	if (!blk_get_queue(rq))
 		return ERR_PTR(-ENXIO);
 
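Review bot: the new test in bsg_add_device() only shows that the queue's private request data is at least sizeof(struct scsi_request) bytes; it cannot show that a struct scsi_request is actually the first member, which is the requirement the commit message states. A driver with a large, unrelated private structure would still pass, so a short comment above the check saying it is a necessary but not sufficient sanity test would keep it from being read as a type guarantee. Two smaller points: WARN_ONCE() returns its condition, so the test can be folded into `if (WARN_ONCE(blk_queue_cmd_size(rq) < sizeof(struct scsi_request), ...))`; and because the warning fires only once and its text names no queue, every later rejection is a bare -EINVAL with nothing in the log to say which queue was refused. Including the queue or device name in the message, or following the one-time warning with a rate-limited print, would make those failures diagnosable.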
-- 
2.12.2
