public inbox for linux-scsi@vger.kernel.org
From: Benjamin Block <bblock@linux.vnet.ibm.com>
To: Christoph Hellwig <hch@lst.de>
Cc: "James E . J . Bottomley" <jejb@linux.vnet.ibm.com>,
	"Martin K . Petersen" <martin.petersen@oracle.com>,
	Jens Axboe <axboe@kernel.dk>,
	linux-block@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-scsi@vger.kernel.org,
	Johannes Thumshirn <jthumshirn@suse.de>,
	Steffen Maier <maier@linux.vnet.ibm.com>,
	open-iscsi@googlegroups.com
Subject: Re: [RFC PATCH 1/6] bsg: fix kernel panic resulting from missing allocation of a reply-buffer
Date: Fri, 11 Aug 2017 17:32:03 +0200
Message-ID: <20170811153203.GA31625@bblock-ThinkPad-W530>
In-Reply-To: <20170811143649.GA32381@lst.de>

On Fri, Aug 11, 2017 at 04:36:49PM +0200, Christoph Hellwig wrote:
> On Fri, Aug 11, 2017 at 03:49:29PM +0200, Benjamin Block wrote:
> > On Fri, Aug 11, 2017 at 11:14:15AM +0200, Christoph Hellwig wrote:
> > > But patch 1 still creates an additional copy of the sense data for
> > > all bsg users.
> > >
> > 
> > Huh? What additional copy? There is one reply-buffer and that is copied
> > into the user-buffer should it contain valid data. Just like in your
> > patch, neither you nor I touch any of the copy-code. There are also
> > no changes to how the drivers get their data into that buffer; it will
> > still be copied in both cases.
> 
> You're right - I misread your patch.  But that does make it worse as
> this means that with your patch we re-assign the scsi_request.sense
> pointer when using bsg.  That will lead to crashes if using the bsg
> code against e.g. a normal scsi device using bsg when that request
> later gets reused for something that is not bsg.
>

So when the bsg interface is used with something different than the
bsg-lib request queue? I haven't actually thought about that (presuming
the bsg-lib queue was the only one being used). Fair enough, I haven't
completely read that code now, but that seems bad then, to reassign a
space allocated in someone else's request queue. 

That still leaves open that we now over-allocate space in bsg-lib, or?

> 
> > 
> > > 
> > > Can you test the patch below which implements my suggestion?  Your
> > > other patches should still apply fine on top modulo minor context
> > > changes.
> > 
> > Only your patch on top of 4.13-rc4. din_xferp (D) is also empty, which is
> > not taken from the sense-buffer.
> 
> Can't parse this.
> 
> > =============================================================================
> > BUG kmalloc-1024 (Not tainted): Invalid object pointer 0x000000004ad9e0f0
> > -----------------------------------------------------------------------------
> 
> Oops - if we don't allocate the job separately we should not free it either.
> Updated patch for that below:
>

My diff tells me that this was the same patch as before.


                                                    Beste Grüße / Best regards,
                                                      - Benjamin Block
-- 
Linux on z Systems Development         /         IBM Systems & Technology Group
		  IBM Deutschland Research & Development GmbH 
Vorsitz. AufsR.: Martina Koederitz     /        Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen / Registergericht: AmtsG Stuttgart, HRB 243294
