From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Kay Sievers <kay.sievers@vrfy.org>
Cc: Vorobiev Dmitri <dmitri.vorobiev@movial.fi>,
linux-scsi@vger.kernel.org, linux-mips@linux-mips.org,
Greg KH <greg@kroah.com>
Subject: Re: [PATCH] SCSI: fix the return type of the remove() method in sgiwd93.c
Date: Wed, 03 Dec 2008 15:02:22 -0600
Message-ID: <1228338142.5551.77.camel@localhost.localdomain>
In-Reply-To: <ac3eb2510812031259v1a4ebe25tc841daaa2fe5a722@mail.gmail.com>

On Wed, 2008-12-03 at 21:59 +0100, Kay Sievers wrote:
> On Wed, Dec 3, 2008 at 21:52, James Bottomley
> <James.Bottomley@hansenpartnership.com> wrote:
> > On Wed, 2008-12-03 at 21:29 +0100, Kay Sievers wrote:
> >> On Wed, Dec 3, 2008 at 20:00, James Bottomley
> >> <James.Bottomley@hansenpartnership.com> wrote:
> >> >> We are already in the middle of a ~400 files "struct device" bus_id
> >> >> conversion, and only very few maintainers respond to these patches. We
> >> >> also never got any reply to the SCSI bus_id patch we sent weeks ago.
> >> >> :)
> >> >
> >> > When did you send it? Searching the scsi archives on bus_id produces no
> >> > results, what was the subject line?
> >>
> >> http://git.kernel.org/?p=linux/kernel/git/gregkh/patches.git;a=blob;f=driver-core/bus_id-scsi.patch;hb=HEAD
> >
> > Hmm, OK ... if you want a review, over the SCSI list is best.
> >
> > Things like this:
> >
> >
> >> --- a/drivers/scsi/scsi_ioctl.c
> >> 182 +++ b/drivers/scsi/scsi_ioctl.c
> >> 183 @@ -170,7 +170,8 @@ static int scsi_ioctl_get_pci(struct scs
> >> 184
> >> 185 if (!dev)
> >> 186 return -ENXIO;
> >> 187
> >> - return copy_to_user(arg, dev->bus_id, sizeof(dev->bus_id))? -EFAULT: 0;
> >> 188 + return copy_to_user(arg,
> >> 189
> >> + dev_name(dev), strlen(dev_name(dev)))? -EFAULT: 0;
> >> 190 }
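Review bot: the new copy_to_user() length, strlen(dev_name(dev)), is bounded by nothing the caller supplied, and it also leaves out the terminating NUL. The removed line always wrote sizeof(dev->bus_id) bytes, so existing callers sized their buffer for that fixed amount and got a terminated string back; with the replacement a longer name writes past that buffer and a shorter one leaves the tail of the buffer, terminator included, as whatever userspace had there. Since this ioctl has no length argument, keep the write at the old fixed size: build the reply in a zeroed local buffer of that size, copy the name into it with truncation, and pass the buffer's size to copy_to_user().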
> >
> > Give cause for concern: in the original, we know we scribble over 20
> > bytes of user space. With the new one we scribble over an unknown
> > number (which could potentially be much greater than 20). That's an
> > accident waiting to happen in userspace.
>
> Yeah, but the name will have no real limit. What should we do here?
> Just truncate at 20, because we "know" it's not longer?

Well, the problem is the stupid ioctl which gives nowhere to say how
many bytes the buffer is. For safety's sake, yes, I think you have to
limit it to 20 bytes. Otherwise, on the day we introduce long names
some random application using this ioctl will die with data corruption
and that will be extremely hard to debug.

James
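
A userspace model of the 20-byte limit argued for in the reply above, as an added example that is not part of the original thread or the kernel source. `struct user_area`, `LEGACY_ID_LEN`, `model_copy` and `copy_name_bounded` are hypothetical names, the sample device name is constructed, and reserving the last byte for a NUL is an assumption of this sketch.

```c
#include <stdio.h>
#include <string.h>

#define LEGACY_ID_LEN 20 /* bytes the old code always wrote, per the thread */

/* Constructed model of a caller that sized its buffer for the old ABI. */
struct user_area {
    char id[LEGACY_ID_LEN];
    char canary[8];      /* neighbouring user data that must not change */
};

/* Stand-in for copy_to_user(): a plain memcpy in this userspace model. */
static void model_copy(void *dst, const void *src, size_t n)
{
    memcpy(dst, src, n);
}

/* Bounded reply: always writes exactly LEGACY_ID_LEN bytes, zero padded,
 * truncating the name so the last byte stays NUL (assumption, see lead-in). */
size_t copy_name_bounded(struct user_area *u, const char *name)
{
    char tmp[LEGACY_ID_LEN] = {0};
    size_t n = strlen(name);

    if (n > LEGACY_ID_LEN - 1)
        n = LEGACY_ID_LEN - 1;
    memcpy(tmp, name, n);
    model_copy(u->id, tmp, sizeof(tmp));
    return sizeof(tmp);
}

/* Number of bytes a strlen()-sized copy of the same name would write. */
size_t unbounded_write_len(const char *name) { return strlen(name); }

/* Returns 1 if the bounded copy left the neighbour intact and terminated id. */
int canary_intact_after_bounded(const char *name)
{
    struct user_area u;

    memset(u.id, 0xAA, sizeof(u.id));   /* stale user data */
    memcpy(u.canary, "CANARY!", 8);
    copy_name_bounded(&u, name);
    return memcmp(u.canary, "CANARY!", 8) == 0 && u.id[LEGACY_ID_LEN - 1] == '\0';
}

int main(void)
{
    const char *long_name = "0000:00:1f.2-constructed-long-device-name";

    printf("strlen-sized copy: %zu bytes into a %d-byte buffer\n",
           unbounded_write_len(long_name), LEGACY_ID_LEN);
    printf("bounded copy, neighbour intact: %d\n", canary_intact_after_bounded(long_name));
    return 0;
}
```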