From: Paolo Bonzini <pbonzini@redhat.com>
To: "Nicholas A. Bellinger" <nab@linux-iscsi.org>
Cc: Christoph Hellwig <hch@lst.de>, Roland Dreier <roland@kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
target-devel <target-devel@vger.kernel.org>
Subject: Re: [PATCH 3.6 2/2] target: use a bounce buffer in transport_kmap_data_sg for 0 or 1-page sglist
Date: Fri, 07 Sep 2012 14:01:12 +0200 [thread overview]
Message-ID: <5049E208.3040109@redhat.com> (raw)
In-Reply-To: <1346988951.4162.595.camel@haakon2.linux-iscsi.org>
Il 07/09/2012 05:35, Nicholas A. Bellinger ha scritto:
>> It is not completely correct for virtual backends, for example I think
>> it will always return success for 0-block reads or writes, even if the
>> start LBA is out of range. This is also something that I saw with
>> PSCSI, and is fixed by these patches.
>
> Good point !
I spent the morning digging further down the rabbithole, and I found the
following testcases:
REPORT LUNS:
sg_raw -r8 /dev/sdb a0 00 00 00 00 00 00 00 00 08 00 00
should fail with ILLEGAL REQUEST / INVALID FIELD IN CDB sense
does not fail
INQUIRY (VPD PAGE != 0, std != 0):
sg_raw /dev/sdb 12 00 83 00 00 00
should fail with ILLEGAL REQUEST / INVALID FIELD IN CDB sense
does not fail
MODE SENSE off by one (by two for 10-byte CDB):
sg_raw -r20 /dev/sdb 5a 00 0a 00 00 00 00 00 14 00
last byte should be 0x1e
it is 0x00
READ:
Testcase: sg_raw /dev/sdb 28 00 80 00 00 00 00 00 00 00
should fail with ILLEGAL REQUEST / LBA OUT OF RANGE sense
does not fail
Plus:
- missing checks on parameter list length for PR OUT with SPEC_I_PT,
UNMAP, SET TARGET PORT GROUPS. In some cases these could lead to
reading undefined data.
- no checks for OOM in callers of transport_kmem_data_sg.
>> Also, even though it handles zero-size, it doesn't handle a CDB with a
>> small but nonzero allocation length. If you have such a CDB, you can
>> overflow the sglist.
>
> Any particular sg_raw example in mind that can trigger this..?
sg_raw (or even SG_IO) doesn't work because misaligned scatterlists are
bounce-buffered by the block layer in blk_map_rq_user.
However, given the above bugs it's better to attack the callers of
transport_kmem_data_sg one by one. Again, zero-length CDB support comes
for free.
> Ok, if this is a genuine issue then please show how to trigger with
> sg_raw, and let's plan on merging this as a -rc6 bugfix in order to
> spend some more testing w/ scsi-testsuite across different backends over
> the next week.
Doesn't seem to be too important, it can be done for 3.7 except perhaps
for PSCSI; I'll put the PSCSI patch at the beginning of the series. I
can make scsi-testsuite patches for the above issues, but I'll be glad
if someone beats me to it.
Paolo
prev parent reply other threads:[~2012-09-07 12:01 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-09-06 15:13 [PATCH 3.6 0/2] More PSCSI fixes Paolo Bonzini
2012-09-06 15:13 ` [PATCH 3.6 1/2] target: remove pscsi_clear_cdb_lun Paolo Bonzini
2012-09-06 18:58 ` Nicholas A. Bellinger
2012-09-06 20:51 ` Paolo Bonzini
2012-09-07 3:22 ` Nicholas A. Bellinger
2012-09-07 11:51 ` Paolo Bonzini
2012-09-07 17:52 ` Nicholas A. Bellinger
2012-09-06 15:13 ` [PATCH 3.6 2/2] target: use a bounce buffer in transport_kmap_data_sg for 0 or 1-page sglist Paolo Bonzini
2012-09-06 19:29 ` Nicholas A. Bellinger
2012-09-06 20:58 ` Paolo Bonzini
2012-09-07 3:35 ` Nicholas A. Bellinger
2012-09-07 12:01 ` Paolo Bonzini [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5049E208.3040109@redhat.com \
--to=pbonzini@redhat.com \
--cc=hch@lst.de \
--cc=linux-kernel@vger.kernel.org \
--cc=nab@linux-iscsi.org \
--cc=roland@kernel.org \
--cc=target-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.