From: Roland Dreier <rdreier@cisco.com>
To: Boaz Harrosh <bharrosh@panasas.com>
Cc: James Bottomley <James.Bottomley@hansenpartnership.com>,
	Vladislav Bolkhovitin <vst@vlnb.net>,
	linux-scsi <linux-scsi@vger.kernel.org>,
	OpenIB <general@lists.openfabrics.org>
Subject: [ofa-general] Re: sg_reset can trigger a NULL pointer dereference in the SRP initiator
Date: Thu, 06 Aug 2009 10:41:03 -0700
Message-ID: <ada1vnohmc0.fsf@cisco.com>
In-Reply-To: <4A7A949B.60408@panasas.com> (Boaz Harrosh's message of "Thu, 06 Aug 2009 11:30:19 +0300")


 > Specifically scmnd->host_scribble can just be Zero.

I see at last, thanks!

The issue is that SRP is using host_scribble to hold an index, and index
0 is valid for us.

I guess the fix is a bit complex, but basically we should use
host_scribble to point to the request, and if we don't find a request in
reset_device we should allocate one.

It's a bit unfortunate that the SCSI midlayer bypasses queueing for the
device reset command, because it means we may not have a slot in our
queue for the reset request, etc., but I suppose that's even more involved
to fix.

 - R.
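
The ambiguity described in the message above, as an added example that is not part of the original post and not ib_srp driver code: a user-space C model in which a zeroed `host_scribble` is indistinguishable from index 0, next to a pointer encoding where the reset path can detect the missing request and claim a free slot. The ring, struct and function names are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model. All names are hypothetical; this is not ib_srp code. */
#define RING_SIZE 4
struct request { int in_use; };
struct command { void *host_scribble; };  /* zero if never queued */
static struct request ring[RING_SIZE];

/* Index encoding: the slot number is stored in the pointer field. */
static void queue_by_index(struct command *c, size_t slot)
{
    ring[slot].in_use = 1;
    c->host_scribble = (void *)(uintptr_t)slot;
}

/* Cannot tell "never queued" (0) from "queued in slot 0". */
static struct request *lookup_by_index(const struct command *c)
{
    return &ring[(uintptr_t)c->host_scribble];
}

/* Pointer encoding: NULL now means "no request attached". */
static void queue_by_pointer(struct command *c, size_t slot)
{
    ring[slot].in_use = 1;
    c->host_scribble = &ring[slot];
}

/* Reset path: use the attached request, else claim a free slot. */
static struct request *request_for_reset(const struct command *c)
{
    if (c->host_scribble)
        return c->host_scribble;
    for (size_t i = 0; i < RING_SIZE; i++)
        if (!ring[i].in_use) { ring[i].in_use = 1; return &ring[i]; }
    return NULL;  /* ring full: the caller has to fail the reset */
}

int main(void)
{
    struct command unqueued = { 0 }, a = { 0 }, b = { 0 };
    queue_by_index(&a, 1);
    printf("index: unqueued -> slot %td\n", lookup_by_index(&unqueued) - ring);
    queue_by_pointer(&b, 0);
    printf("pointer: reset -> slot %td\n", request_for_reset(&unqueued) - ring);
    return 0;
}
```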
