From: Bart Van Assche <bart.vanassche@sandisk.com> To: "Martin K . Petersen" <martin.petersen@oracle.com>, James Bottomley <James.Bottomley@HansenPartnership.com> Cc: <linux-scsi@vger.kernel.org>, Bart Van Assche <bart.vanassche@sandisk.com>, Christoph Hellwig <hch@lst.de>, Omar Sandoval <osandov@fb.com>, Hannes Reinecke <hare@suse.com>, <linux-block@vger.kernel.org> Subject: [PATCH 02/18] bsg: Check private request size before attaching to a queue Date: Fri, 19 May 2017 11:30:00 -0700 [thread overview] Message-ID: <20170519183016.12646-3-bart.vanassche@sandisk.com> (raw) In-Reply-To: <20170519183016.12646-1-bart.vanassche@sandisk.com> Since BSG only supports request queues for which struct scsi_request is the first member of their private request data, refuse to register block layer queues for which the private data is smaller than struct scsi_request. References: commit bd1599d931ca ("scsi_transport_sas: fix BSG ioctl memory corruption") References: commit 82ed4db499b8 ("block: split scsi_request out of struct request") Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Omar Sandoval <osandov@fb.com> Cc: Hannes Reinecke <hare@suse.com> Cc: linux-block@vger.kernel.org --- block/bsg.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/block/bsg.c b/block/bsg.c index 6fd08544d77e..5ccecc9855ac 100644 --- a/block/bsg.c +++ b/block/bsg.c @@ -750,6 +750,12 @@ static struct bsg_device *bsg_add_device(struct inode *inode, #ifdef BSG_DEBUG unsigned char buf[32]; #endif + + if (blk_queue_cmd_size(rq) < sizeof(struct scsi_request)) { + WARN_ONCE(true, "Attempt to register a non-SCSI queue\n"); + return ERR_PTR(-EINVAL); + } + if (!blk_get_queue(rq)) return ERR_PTR(-ENXIO); -- 2.12.2
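Review bot: The new check at the top of bsg_add_device() only establishes a lower bound on the private request data size, so a non-SCSI queue whose private data is at least sizeof(struct scsi_request) still passes, yet the warning text reads "Attempt to register a non-SCSI queue". Consider wording the warning in terms of the size that was actually tested, and adding a short comment that this is a necessary but not sufficient test for struct scsi_request being the first member. The condition can also be folded into the macro, as in `if (WARN_ONCE(blk_queue_cmd_size(rq) < sizeof(struct scsi_request), ...))`, which drops the constant `true` argument. Because the warning fires only once, later rejected registrations return -EINVAL with no log line, which is worth noting for anyone debugging a second failing queue.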