From: Boaz Harrosh <bharrosh@panasas.com>
To: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: linux-scsi@vger.kernel.org, James.Bottomley@suse.de
Subject: Re: [PATCH] scsi: Fix printing of failed 32-byte commands
Date: Wed, 20 Jan 2010 10:47:06 +0200 [thread overview]
Message-ID: <4B56C30A.6040107@panasas.com> (raw)
In-Reply-To: <yq1ska1kzsk.fsf@sermon.lab.mkp.net>
On 01/20/2010 09:20 AM, Martin K. Petersen wrote:
>>>>>> "Boaz" == Boaz Harrosh <bharrosh@panasas.com> writes:
>
> Boaz> I don't like that flag. If cmd->cmnd is invalid after the call to
> Boaz> sd_done. Then I prefer if sd_done could NULL the pointer and any
> Boaz> access will BUG, instead of a dangerous use after free, which you
> Boaz> never know when it will bite.
>
> Boaz> Then if so scsi_print_command() can just silently ignore any
> cmd-> cmnd == NULL cases. (And a fat comment somewhere)
>
> Yeah, that's a better idea. I considered that flag a wart from the
> get-go...
>
>
> scsi: Fix printing of failed 32-byte commands
>
> Having the large CDB allocation logic in sd.c means that
> scsi_io_completion does not have access to the command buffer. That in
> turn causes garbage to be printed when a 32-byte command fails. Move the
> command printing to sd_done where the command buffer is intact. Clear
> the command buffer pointer after the extended CDB has been freed.
>
> Make scsi_print_command ignore commands with NULL CDB pointers to
> inhibit printing of garbled command strings.
>
> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
>
Grate, thanks looks much better.
Reviewed-by: Boaz Harrosh <bharrosh@panasas.com>
> diff --git a/drivers/scsi/constants.c b/drivers/scsi/constants.c
> index db68e3b..93606bc 100644
> --- a/drivers/scsi/constants.c
> +++ b/drivers/scsi/constants.c
> @@ -349,6 +349,9 @@ void scsi_print_command(struct scsi_cmnd *cmd)
> {
> int k;
>
> + if (cmd->cmnd == NULL)
> + return;
> +
> scmd_printk(KERN_INFO, cmd, "CDB: ");
> print_opcode_name(cmd->cmnd, cmd->cmd_len);
>
> diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
> index 255da53..5f0f6c7 100644
> --- a/drivers/scsi/sd.c
> +++ b/drivers/scsi/sd.c
> @@ -1218,8 +1218,19 @@ static int sd_done(struct scsi_cmnd *SCpnt)
> sd_dif_complete(SCpnt, good_bytes);
>
> if (scsi_host_dif_capable(sdkp->device->host, sdkp->protection_type)
> - == SD_DIF_TYPE2_PROTECTION && SCpnt->cmnd != SCpnt->request->cmd)
> + == SD_DIF_TYPE2_PROTECTION && SCpnt->cmnd != SCpnt->request->cmd) {
> +
> + /* We have to print a failed command here as the
> + * extended CDB gets freed before scsi_io_completion()
> + * is called.
> + */
> + if (result)
> + scsi_print_command(SCpnt);
> +
> mempool_free(SCpnt->cmnd, sd_cdb_pool);
> + SCpnt->cmnd = NULL;
> + SCpnt->cmd_len = 0;
> + }
>
> return good_bytes;
> }
prev parent reply other threads:[~2010-01-20 8:47 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-01-18 23:42 [PATCH] scsi: Fix printing of failed 32-byte commands Martin K. Petersen
2010-01-19 10:25 ` Boaz Harrosh
2010-01-20 7:20 ` Martin K. Petersen
2010-01-20 8:47 ` Boaz Harrosh [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B56C30A.6040107@panasas.com \
--to=bharrosh@panasas.com \
--cc=James.Bottomley@suse.de \
--cc=linux-scsi@vger.kernel.org \
--cc=martin.petersen@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.