Re: [PATCH RESEND] scsi: sg: Prevent potential double frees in sg driver

From: Evan Green
Date: Tue Oct 02 2018 - 11:22:11 EST


On Mon, Oct 1, 2018 at 4:34 PM Douglas Gilbert <dgilbert@xxxxxxxxxxxx> wrote:
>
> On 2018-10-02 02:15 AM, Evan Green wrote:
> > From: Robb Glasser <rglasser@xxxxxxxxxx>
> >
> > sg_ioctl could be spammed by requests, leading to a double free in
> > __free_pages. This protects the entry points of sg_ioctl where the
> > memory could be corrupted by a double call to __free_pages if multiple
> > requests are happening concurrently.
>
> Hi,
> I don't like this patch. I would like to see the trace for the double
> call to the __free_pages you are referring to. A test program that
> shows the fault, perhaps?
>
> I have test code to "spam" the sg driver and have not seen a double
> __free_pages that you refer to (see sg3_utils package version 1.44,
> testing/sg_tst_async.cpp).
>
> Currently I am dusting off 20 years of "laparoscopic" patches to the sg
> driver that have made a bit of a mess of the naming and comments. Also
> the 16 outstanding requests per file descriptor limit is being removed.
> Then I want to add the SG_IOSUBMIT and SG_IORECEIVE ioctls proposed by
> Linus Torvalds two weeks ago.
>
> Executive summary: nak, without further information

That makes sense. Thanks for taking a look.