From: Douglas Gilbert <dougg@torque.net>
To: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Cc: James.Bottomley@SteelEye.com, linux-scsi@vger.kernel.org
Subject: Re: [PATCH 3/3] tgt: fix scsi command leak
Date: Sat, 03 Mar 2007 11:58:19 -0500 [thread overview]
Message-ID: <45E9A92B.5040507@torque.net> (raw)
In-Reply-To: <20070303001750H.fujita.tomonori@lab.ntt.co.jp>
FUJITA Tomonori wrote:
> The failure to map user-space pages leads to scsi command leak. It can
> happens mostly because of user-space daemon bugs (or OOM). This patch
> makes tgt just notify a LLD of the failure with sense when
> blk_rq_map_user() fails.
>
> Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
> Signed-off-by: Mike Christie <michaelc@cs.wisc.edu>
> ---
> drivers/scsi/scsi_tgt_lib.c | 23 ++++++++++++++++++++---
> 1 files changed, 20 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/scsi/scsi_tgt_lib.c b/drivers/scsi/scsi_tgt_lib.c
> index dc8781a..c05dff9 100644
> --- a/drivers/scsi/scsi_tgt_lib.c
> +++ b/drivers/scsi/scsi_tgt_lib.c
> @@ -459,6 +459,16 @@ static struct request *tgt_cmd_hash_look
> return rq;
> }
>
> +static void scsi_tgt_build_sense(unsigned char *sense_buffer, unsigned char key,
> + unsigned char asc, unsigned char asq)
> +{
> + sense_buffer[0] = 0x70;
> + sense_buffer[2] = key;
> + sense_buffer[7] = 0xa;
> + sense_buffer[12] = asc;
> + sense_buffer[13] = asq;
> +}
> +
Tomo,
Perhaps you could add a memset(sense_buffer, 0, 18) before
those assignments and state that this is "fixed" sense
buffer format.
What about an option for descriptor sense format? With SAT now
a standard, we now have one more reason to support
descriptor format when required. The ATA PASS-THROUGH SCSI
commands in SAT use descriptor sense format to return
ATA registers.
<aside>
While on the subject of sense data, I note that the
ATA folks (t13.org) are proposing an "ATA REQUEST
SENSE" command to leverage of existing SCSI
sense_key, asc, ascq tuples.
Doug Gilbert
> int scsi_tgt_kspace_exec(int host_no, int result, u64 tag,
> unsigned long uaddr, u32 len, unsigned long sense_uaddr,
> u32 sense_len, u8 rw)
> @@ -514,9 +524,16 @@ int scsi_tgt_kspace_exec(int host_no, in
> if (len) {
> err = scsi_map_user_pages(rq->end_io_data, cmd, uaddr, len, rw);
> if (err) {
> - eprintk("%p %d\n", cmd, err);
> - err = -EAGAIN;
> - goto done;
> + /*
> + * user-space daemon bugs or OOM
> + * TODO: we can do better for OOM.
> + */
> + eprintk("cmd %p ret %d uaddr %lx len %d rw %d\n",
> + cmd, err, uaddr, len, rw);
> + cmd->result = SAM_STAT_CHECK_CONDITION;
> + memset(cmd->sense_buffer, 0, SCSI_SENSE_BUFFERSIZE);
> + scsi_tgt_build_sense(cmd->sense_buffer,
> + HARDWARE_ERROR, 0, 0);
> }
> }
> err = scsi_tgt_transfer_response(cmd);
next prev parent reply other threads:[~2007-03-03 16:58 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-03-03 0:55 [PATCH 3/3] tgt: fix scsi command leak FUJITA Tomonori
2007-03-03 16:58 ` Douglas Gilbert [this message]
2007-03-05 5:32 ` FUJITA Tomonori
2007-03-05 15:36 ` Douglas Gilbert
2007-03-07 2:10 ` FUJITA Tomonori
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=45E9A92B.5040507@torque.net \
--to=dougg@torque.net \
--cc=James.Bottomley@SteelEye.com \
--cc=fujita.tomonori@lab.ntt.co.jp \
--cc=linux-scsi@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox