From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751214AbdAaPmV (ORCPT ); Tue, 31 Jan 2017 10:42:21 -0500 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:50421 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751014AbdAaPmN (ORCPT ); Tue, 31 Jan 2017 10:42:13 -0500 Subject: Re: scsi: BUG in scsi_init_io From: James Bottomley To: Dmitry Vyukov , Johannes Thumshirn Cc: "Martin K. Petersen" , linux-scsi , LKML , Al Viro , syzkaller , Hannes Reinecke Date: Tue, 31 Jan 2017 07:41:51 -0800 In-Reply-To: References: <20170131092048.GB3687@linux-x5ow.site> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.16.5 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-TM-AS-GCONF: 00 X-Content-Scanned: Fidelis XPS MAILER x-cbid: 17013115-0044-0000-0000-0000026E3320 X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00006531; HX=3.00000240; KW=3.00000007; PH=3.00000004; SC=3.00000201; SDB=6.00815264; UDB=6.00397992; IPR=6.00592706; BA=6.00005103; NDR=6.00000001; ZLA=6.00000005; ZF=6.00000009; ZB=6.00000000; ZP=6.00000000; ZH=6.00000000; ZU=6.00000002; MB=3.00014123; XFM=3.00000011; UTC=2017-01-31 15:41:56 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 17013115-0045-0000-0000-0000069B33E8 Message-Id: <1485877311.3199.4.camel@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-01-31_06:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1612050000 definitions=main-1701310135 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 2017-01-31 at 10:50 +0100, Dmitry Vyukov wrote: > On Tue, Jan 31, 2017 at 10:20 AM, Johannes Thumshirn < > jthumshirn@suse.de> wrote: > > On Tue, Jan 31, 2017 at 09:55:52AM +0100, Dmitry Vyukov wrote: > > > Hello, > > > > > > The following program triggers BUG in scsi_init_io: > > > > Well crashing a machine just because of an empty dma transfer is a > > bit harsh, > > isn't it? > > > > From 86e6fa5f618fe588b98e923e032f33e075fcd4f4 Mon Sep 17 00:00:00 > > 2001 > > From: Johannes Thumshirn > > Date: Tue, 31 Jan 2017 10:16:00 +0100 > > Subject: [PATCH] scsi: don't BUG_ON() empty DMA transfers > > > > Don't crash the machine just because of an empty transfer. Use > > WARN_ON() > > combined with returning an error. > > > > Signed-off-by: Johannes Thumshirn > > --- > > drivers/scsi/scsi_lib.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c > > index e9e1e14..414588a 100644 > > --- a/drivers/scsi/scsi_lib.c > > +++ b/drivers/scsi/scsi_lib.c > > @@ -1040,7 +1040,8 @@ int scsi_init_io(struct scsi_cmnd *cmd) > > bool is_mq = (rq->mq_ctx != NULL); > > int error; > > > > - BUG_ON(!blk_rq_nr_phys_segments(rq)); > > + if (WARN_ON(!blk_rq_nr_phys_segments(rq))) > > + return -EINVAL; > > > Please-please-please, let's not use WARN for something that is not a > kernel bug and is user-triggerable. It is a kernel bug and it should not be user triggerable, so it should have a warn_on or bug_on. It means something called a data setup function with no data. There's actually a root cause that patches like this won't fix, can we find it? James