[PATCH 0/2] block,scsi: fixup blk_get_request dead queue scenarios

From: Joe Lawrence
Date: Thu May 29 2014 - 16:59:15 EST


Hello Jens,

This bug was originally reported against 3.10 and still exists in
3.15-rc5 [1] [2].

These changes were tested on top of 3.15-rc5 with a user program that
opens a CD device, its media is removed, and then the program issues a
CDROMEJECT ioctl. Without this change, the kernel can crash in
sg_scsi_ioctl on a NULL request pointer.

The first patch adds return checking to a few blk_get_request callers.
The second patch is much larger, modifying the return value to include
an ERR_PTR to indicate failure reason. I didn't touch any of the IDE
callers save one since all but that one assume success. As such, the
first can be merged without the second if the change is considered too
dangerous.

Feel free to drop any changes to files (like paride/pd.c) if they're
considered deprecated.

[1] http://thread.gmane.org/gmane.linux.scsi/80934
[2] http://thread.gmane.org/gmane.linux.kernel/1502882

Joe Lawrence (2):
  block,scsi: verify return pointer from blk_get_request
  block,scsi: convert and handle ERR_PTR from blk_get_request

 block/blk-core.c                            | 34 ++++++++++++++---------------
 block/bsg.c                                 |  8 +++----
 block/scsi_ioctl.c                          | 13 ++++++++---
 drivers/block/paride/pd.c                   |  2 ++
 drivers/block/pktcdvd.c                     |  2 ++
 drivers/block/sx8.c                         |  2 +-
 drivers/cdrom/cdrom.c                       |  4 ++--
 drivers/ide/ide-park.c                      |  2 +-
 drivers/scsi/device_handler/scsi_dh_alua.c  |  2 +-
 drivers/scsi/device_handler/scsi_dh_emc.c   |  2 +-
 drivers/scsi/device_handler/scsi_dh_hp_sw.c |  4 ++--
 drivers/scsi/device_handler/scsi_dh_rdac.c  |  2 +-
 drivers/scsi/osd/osd_initiator.c            |  4 ++--
 drivers/scsi/osst.c                         |  2 +-
 drivers/scsi/scsi_error.c                   |  2 ++
 drivers/scsi/scsi_lib.c                     |  2 +-
 drivers/scsi/scsi_tgt_lib.c                 |  2 +-
 drivers/scsi/sg.c                           |  2 +-
 drivers/scsi/st.c                           |  2 +-
 drivers/target/target_core_pscsi.c          |  2 +-
 20 files changed, 55 insertions(+), 42 deletions(-)

--
1.8.3.1
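
The return-value change this cover letter describes, shown as an added userspace C model that is not code from the patch series. ERR_PTR, PTR_ERR and IS_ERR mirror the kernel helpers in <linux/err.h>; the struct layouts, the function names and the errno value picked for each failure are assumptions made for illustration.

```c
/* Userspace model (constructed). Only ERR_PTR/PTR_ERR/IS_ERR follow the
 * kernel's <linux/err.h>; every other name here is hypothetical. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

#define MAX_ERRNO 4095
static inline void *ERR_PTR(long e) { return (void *)(intptr_t)e; }
static inline long PTR_ERR(const void *p) { return (long)(intptr_t)p; }
static inline int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

struct request { int cmd_len; };
struct queue { int dying; int pool_empty; struct request slot; };

/* Old contract: every failure collapses to NULL. */
static struct request *get_request_null(struct queue *q)
{
    if (q->dying || q->pool_empty)
        return NULL;
    return &q->slot;
}
/* New contract: the failure reason travels inside the pointer value.
 * Which errno maps to which failure is an assumption of this model. */
static struct request *get_request_errptr(struct queue *q)
{
    if (q->dying)
        return ERR_PTR(-ENODEV);
    if (q->pool_empty)
        return ERR_PTR(-ENOMEM);
    return &q->slot;
}
/* Caller in the style of patch 1: check for NULL before dereferencing. */
static int eject_checked_null(struct queue *q)
{
    struct request *rq = get_request_null(q);
    if (!rq)
        return -ENODEV;  /* reason is lost, so the caller has to guess */
    rq->cmd_len = 6;     /* the dereference that crashes when unchecked */
    return 0;
}
/* Caller in the style of patch 2: test with IS_ERR and propagate the reason. */
static int eject_checked_errptr(struct queue *q)
{
    struct request *rq = get_request_errptr(q);
    if (IS_ERR(rq))
        return (int)PTR_ERR(rq);
    rq->cmd_len = 6;
    return 0;
}
```

Once a function returns ERR_PTR values, a plain `if (!rq)` check no longer catches failure, which is why a conversion of this kind has to touch every caller at once.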
