From: Douglas Gilbert <dgilbert@interlog.com>
To: Tony Battersby <tonyb@cybernetics.com>
Cc: James.Bottomley@HansenPartnership.com,
FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>,
hch@infradead.org, linux-scsi@vger.kernel.org
Subject: Re: [PATCH 1/2] sg: fix races during device removal (v6)
Date: Mon, 26 Jan 2009 08:57:20 -0500
Message-ID: <497DC140.3070207@interlog.com>
In-Reply-To: <49777B6E.1040805@cybernetics.com>

Tony Battersby wrote:
> sg has the following problems related to device removal:
>
> * opening a sg fd races with removing a device
> * closing a sg fd races with removing a device
> * /proc/scsi/sg/* access races with removing a device
> * command completion races with removing a device
> * command completion races with closing a sg fd
> * can rmmod sg with active commands
>
> These problems can cause kernel oopses, memory-use-after-free, or
> double-free errors. This patch fixes these problems by using krefs
> to manage the lifetime of sg_device and sg_fd.
>
> Each command submitted to the midlevel holds a reference to sg_fd
> until the completion callback. This ensures that sg_fd doesn't go
> away if the fd is closed with commands still outstanding.
>
> sg_fd gets the reference of sg_device (with scsi_device) and also
> makes sure that the sg module doesn't go away.
>
> /proc/scsi/sg/* functions don't play nicely with krefs because they
> give information about sg_fds which have been closed but not yet
> freed due to still having outstanding commands and sg_devices which
> have been removed but not yet freed due to still being referenced
> by one or more sg_fds. To deal with this safely without removing
> functionality, /proc functions now access sg_device and sg_fd while
> holding a lock instead of using kref_get()/kref_put().
>
> Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
> ---
>
> This version changes BUG_ON() to WARN_ON()/return as suggested by
> Stefan Richter.
>
> The second patch "[PATCH 2/2] sg: fix races with ioctl(SG_IO) (v2)"
> is still the same as before, so I am not resending it.
>
> sg.c | 418 ++++++++++++++++++++++++++++++++-----------------------------------
> 1 file changed, 201 insertions(+), 217 deletions(-)
>
> --- linux-2.6.29-rc2/drivers/scsi/sg.c.orig 2009-01-21 14:34:05.000000000 -0500
> +++ linux-2.6.29-rc2/drivers/scsi/sg.c 2009-01-21 14:36:00.000000000 -0500

Tony,
We seem to have consensus on this version (v6 20090121).
Thanks for your work.

Signed-off-by: Douglas Gilbert <dgilbert@interlog.com>
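
The lifetime rule in the quoted patch description (each outstanding command holds a reference to sg_fd, and sg_fd holds one on sg_device), shown as an added example that is not part of the original message or the sg driver. It is a user-space C model: `model_dev`, `model_fd` and the helper functions are hypothetical names, and C11 atomics stand in for krefs.

```c
/* Added example: user-space model, not sg.c code; all names are hypothetical. */
#include <stdatomic.h>
#include <stdlib.h>

struct model_dev { atomic_int ref; };
struct model_fd  { atomic_int ref; struct model_dev *dev; int closed; };
static int fds_freed, devs_freed;         /* release counters, for checking */
static void dev_put(struct model_dev *d)
{
    if (atomic_fetch_sub(&d->ref, 1) == 1) { devs_freed++; free(d); }
}
static void fd_put(struct model_fd *f)
{
    if (atomic_fetch_sub(&f->ref, 1) != 1) return;
    dev_put(f->dev);                      /* fd's pin on the device goes last */
    fds_freed++;
    free(f);
}
static struct model_fd *fd_open(struct model_dev *d)
{
    struct model_fd *f = calloc(1, sizeof(*f));
    if (!f) return NULL;
    atomic_fetch_add(&d->ref, 1);         /* the fd pins the device */
    atomic_init(&f->ref, 1);              /* reference owned by the open fd */
    f->dev = d;
    return f;
}
static void cmd_submit(struct model_fd *f) { atomic_fetch_add(&f->ref, 1); }
static void fd_close(struct model_fd *f)   { f->closed = 1; fd_put(f); }
/* Completion may run after close and removal; f is still valid here. */
static int cmd_complete(struct model_fd *f) { int c = f->closed; fd_put(f); return c; }

/* Close the fd and remove the device with one command in flight.
 * Returns 1 if nothing was freed early and each object was freed once. */
int close_and_remove_with_cmd_in_flight(void)
{
    struct model_dev *d = calloc(1, sizeof(*d));
    if (!d) return 0;
    atomic_init(&d->ref, 1);              /* reference dropped at removal */
    struct model_fd *f = fd_open(d);
    if (!f) { free(d); return 0; }
    fds_freed = devs_freed = 0;
    cmd_submit(f);
    fd_close(f);
    dev_put(d);                           /* device removal */
    int early = fds_freed + devs_freed;   /* 0: the command still pins both */
    int saw_closed = cmd_complete(f);     /* last put frees fd, then device */
    return early == 0 && saw_closed && fds_freed == 1 && devs_freed == 1;
}
int main(void) { return close_and_remove_with_cmd_in_flight() ? 0 : 1; }
```

Without the reference taken in `cmd_submit`, `fd_close` would free `f` and the read in `cmd_complete` would be the use-after-free the patch description lists.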