From: Juergen Gross <jgross@suse.com>
To: "Nicholas A. Bellinger" <nab@linux-iscsi.org>
Cc: "Nicholas A. Bellinger" <nab@daterainc.com>,
target-devel <target-devel@vger.kernel.org>,
linux-scsi <linux-scsi@vger.kernel.org>,
Christoph Hellwig <hch@lst.de>, Hannes Reinecke <hare@suse.de>,
Mike Christie <mchristi@redhat.com>,
Sagi Grimberg <sagig@mellanox.com>,
Andy Grover <agrover@redhat.com>,
Sebastian Andrzej Siewior <bigeasy@linutronix.de>,
Andrzej Pietrasiewicz <andrzej.p@samsung.com>,
Chris Boot <bootc@bootc.net>,
David Vrabel <david.vrabel@citrix.com>
Subject: Re: [PATCH-v3 12/14] xen-scsiback: Convert to TARGET_SCF_ACK_KREF I/O krefs
Date: Thu, 4 Feb 2016 09:22:17 +0100 [thread overview]
Message-ID: <56B30A39.2070305@suse.com> (raw)
In-Reply-To: <1454475794.10512.3.camel@haakon3.risingtidesystems.com>
On 03/02/16 06:03, Nicholas A. Bellinger wrote:
> Hi Juergen,
>
> On Tue, 2016-02-02 at 17:31 +0100, Juergen Gross wrote:
>> On 30/01/16 08:05, Nicholas A. Bellinger wrote:
>>> From: Nicholas Bellinger <nab@linux-iscsi.org>
>>>
>>> Cc: Juergen Gross <jgross@suse.com>
>>> Cc: Hannes Reinecke <hare@suse.de>
>>> Cc: David Vrabel <david.vrabel@citrix.com>
>>> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
>>
>> Sorry, with your patches applied xen-scsiback isn't working any more.
>> I've tried multiple times with and without your patches. Without the
>> patches everything is fine, while with the patches applied I get the
>> warnings shown in the attached log. I just passed through a DVD drive
>> and did "eject" in the domain.
>>
>
> Thanks for testing. :)
You're welcome. :-)
>
> So it looks like a left-over memset of pending_req->se_cmd memory in
> scsiback_cmd_exec() was clobbering the saved percpu_ida map_tag from
> scsiback_get_pend_req(), resulting in a use-after-free.
>
> Please verify with the following:
Thanks, is working now!
With that change you can add my:
Acked-by: Juergen Gross <jgross@suse.com>
Tested-by: Juergen Gross <jgross@suse.com>
to the xen-scsiback related patches.
Juergen
>
> diff --git a/drivers/xen/xen-scsiback.c b/drivers/xen/xen-scsiback.c
> index eaf9e21..c3f55a2 100644
> --- a/drivers/xen/xen-scsiback.c
> +++ b/drivers/xen/xen-scsiback.c
> @@ -400,10 +400,6 @@ static void scsiback_cmd_exec(struct vscsibk_pend *pending_req)
> struct se_session *sess = pending_req->v2p->tpg->tpg_nexus->tvn_se_sess;
> int rc;
>
> - memset(pending_req->sense_buffer, 0, VSCSIIF_SENSE_BUFFERSIZE);
> -
> - memset(se_cmd, 0, sizeof(*se_cmd));
> -
> scsiback_get(pending_req->info);
> se_cmd->tag = pending_req->rqid;
> rc = target_submit_cmd_map_sgls(se_cmd, sess, pending_req->cmnd,
>
>
>
next prev parent reply other threads:[~2016-02-04 8:22 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-30 7:05 [PATCH-v3 00/14] target_alloc_session w/ percpu_ida+ACK_KREF conversion Nicholas A. Bellinger
2016-01-30 7:05 ` [PATCH-v3 01/14] target: Add target_alloc_session() helper function Nicholas A. Bellinger
2016-01-30 7:05 ` [PATCH-v3 02/14] target: Convert demo-mode only drivers to target_alloc_session Nicholas A. Bellinger
2016-01-30 7:05 ` [PATCH-v3 03/14] vhost/scsi: Convert to target_alloc_session usage Nicholas A. Bellinger
2016-01-30 7:05 ` [PATCH-v3 04/14] tcm_qla2xxx: " Nicholas A. Bellinger
2016-01-30 7:05 ` [PATCH-v3 05/14] tcm_fc: " Nicholas A. Bellinger
2016-01-30 7:05 ` [PATCH-v3 06/14] ib_srpt: " Nicholas A. Bellinger
2016-02-04 22:14 ` Bart Van Assche
2016-01-30 7:05 ` [PATCH-v3 07/14] sbp-target: Conversion to percpu_ida tag pre-allocation Nicholas A. Bellinger
2016-01-30 7:05 ` [PATCH-v3 08/14] sbp-target: Convert to TARGET_SCF_ACK_KREF I/O krefs Nicholas A. Bellinger
2016-01-30 7:05 ` [PATCH-v3 09/14] usb-gadget/tcm: Conversion to percpu_ida tag pre-allocation Nicholas A. Bellinger
2016-01-30 7:05 ` [PATCH-v3 10/14] usb-gadget/tcm: Convert to TARGET_SCF_ACK_KREF I/O krefs Nicholas A. Bellinger
2016-01-30 7:05 ` [PATCH-v3 11/14] xen-scsiback: Convert to percpu_ida tag allocation Nicholas A. Bellinger
2016-01-30 7:05 ` [PATCH-v3 12/14] xen-scsiback: Convert to TARGET_SCF_ACK_KREF I/O krefs Nicholas A. Bellinger
2016-02-02 16:31 ` Juergen Gross
2016-02-03 5:03 ` Nicholas A. Bellinger
2016-02-04 8:22 ` Juergen Gross [this message]
2016-01-30 7:05 ` [PATCH-v3 13/14] tcm_fc: Convert to TARGET_SCF_ACK_KREF I/O + TMR krefs Nicholas A. Bellinger
2016-01-30 7:05 ` [PATCH-v3 14/14] ib_srpt: Convert to percpu_ida tag allocation Nicholas A. Bellinger
2016-02-04 22:23 ` Bart Van Assche
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56B30A39.2070305@suse.com \
--to=jgross@suse.com \
--cc=agrover@redhat.com \
--cc=andrzej.p@samsung.com \
--cc=bigeasy@linutronix.de \
--cc=bootc@bootc.net \
--cc=david.vrabel@citrix.com \
--cc=hare@suse.de \
--cc=hch@lst.de \
--cc=linux-scsi@vger.kernel.org \
--cc=mchristi@redhat.com \
--cc=nab@daterainc.com \
--cc=nab@linux-iscsi.org \
--cc=sagig@mellanox.com \
--cc=target-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.