Re: [PATCH v2] [SCSI] sg: Fix user memory corruption when SG_IO isinterrupted by a signal

[David Milburn]

Roland Dreier wrote:
> On Wed, Aug 7, 2013 at 7:38 AM, David Milburn <dmilburn@xxxxxxxxxx> wrote:
> > I was able to succesfully test this patch overnight, I had been experimenting with the
> > sg driver setting the BIO_NULL_MAPPED flag in sg_rq_end_io_usercontext for a orphan process
> > which prevented the corruption, but your solution seems much better.
>
> Very cool, thanks for the testing.
>
> I actually looked at using BIO_NULL_MAPPED as well, but it seemed a
> bit too fragile to me -- it had the right effect of skipping
> __bio_copy_iov(), and skipping the __free_pages() stuff in there is OK
> because sg owns its pages rather than the bio layer, but all that
> seemed vulnerable to being broken by an unrelated change.
>
> Out of curiousity, were you already working on this bug?  Because if
> you had fixed it a few weeks earlier we might not have spent so long
> wondering WTF was stomping on the memory of one of our processes :)

Hi Roland,

Actually, I was waiting for confirmation from the field which I
recently received, I was getting ready to bring this up on linux-scsi,
sorry I should have brought it up sooner. I wasn't positive that setting
BIO_NULL_MAPPED flag from sg driver was the fix. David Jeffery
came up with a reproducer which I ran overnight on the latest
upstream kernel with your patch.

Thanks,
David



--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/