Re: [PATCH] bsg: remove read/write support

From: Jens Axboe
Date: Thu Jul 12 2018 - 10:05:05 EST


On 7/12/18 2:09 AM, Christoph Hellwig wrote:
> The code poses a security risk due to user memory access in ->release
> and had an API that can't be used reliably. As far as we know it was
> never used for real, but if that turns out wrong we'll have to revert
> this commit and come up with a band aid.
>
> Jann Horn did look software archives for users of this interface,
> and the only users found were example code in sg3_utils, and optional
> support in an optional module of the tgt user space iscsi target,
> which looks like a proof of concept extension of the /dev/sg
> read/write support.
>
> Tony Battersby chimes in that the code is basically unsafe to use in
> general:
>
> The read/write interface on /dev/bsg is impossible to use safely
> because the list of completed commands is per-device (bd->done_list)
> rather than per-fd like it is with /dev/sg. So if program A and
> program B are both using the write/read interface on the same bsg
> device, then their command responses will get mixed up, and program
> A will read() some command results from program B and vice versa.
> So no, I don't use read/write on /dev/bsg. From a security standpoint,
> it should definitely be fixed or removed.

Applied for 4.19.

--
Jens Axboe