| Message ID | 20170525184327.23570-7-bart.vanassche@sandisk.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Thu, May 25, 2017 at 11:43:14AM -0700, Bart Van Assche wrote: > Since using scsi_req() is only allowed against request queues for > which struct scsi_request is the first member of their private > request data, refuse to submit SCSI commands against a queue for > which this is not the case. Is it possible we could catch this earlier and avoid giving out the layout in the first place? --b. > > References: commit 82ed4db499b8 ("block: split scsi_request out of struct request") > Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> > Reviewed-by: Hannes Reinecke <hare@suse.com> > Cc: J. Bruce Fields <bfields@fieldses.org> > Cc: Jeff Layton <jlayton@poochiereds.net> > Cc: Jens Axboe <axboe@fb.com> > Cc: Christoph Hellwig <hch@lst.de> > Cc: Omar Sandoval <osandov@fb.com> > Cc: linux-nfs@vger.kernel.org > Cc: linux-block@vger.kernel.org > --- > fs/nfsd/blocklayout.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/fs/nfsd/blocklayout.c b/fs/nfsd/blocklayout.c > index fb5213afc854..38e14cf7e74a 100644 > --- a/fs/nfsd/blocklayout.c > +++ b/fs/nfsd/blocklayout.c > @@ -219,6 +219,9 @@ static int nfsd4_scsi_identify_device(struct block_device *bdev, > u8 *buf, *d, type, assoc; > int error; > > + if (WARN_ON_ONCE(!blk_queue_scsi_pdu(q))) > + return -EINVAL; > + > buf = kzalloc(bufflen, GFP_KERNEL); > if (!buf) > return -ENOMEM; > -- > 2.12.2
On Thu, 2017-05-25 at 14:48 -0400, J . Bruce Fields wrote: > On Thu, May 25, 2017 at 11:43:14AM -0700, Bart Van Assche wrote: > > Since using scsi_req() is only allowed against request queues for > > which struct scsi_request is the first member of their private > > request data, refuse to submit SCSI commands against a queue for > > which this is not the case. > > Is it possible we could catch this earlier and avoid giving out the > layout in the first place? Hello Christoph, According to what I see in commit 8650b8a05850 you are the author of this code? Can the blk_queue_scsi_pdu(q) test fail in nfsd4_scsi_identify_device()? If so, can nfsd4_layout_verify() be modified in such a way that it prevents that nfsd4_scsi_proc_getdeviceinfo() is ever called for a non-SCSI queue? Can you recommend an approach? Thanks, Bart.
On Thu, May 25, 2017 at 08:19:47PM +0000, Bart Van Assche wrote: > On Thu, 2017-05-25 at 14:48 -0400, J . Bruce Fields wrote: > > On Thu, May 25, 2017 at 11:43:14AM -0700, Bart Van Assche wrote: > > > Since using scsi_req() is only allowed against request queues for > > > which struct scsi_request is the first member of their private > > > request data, refuse to submit SCSI commands against a queue for > > > which this is not the case. > > > > Is it possible we could catch this earlier and avoid giving out the > > layout in the first place? > > Hello Christoph, > > According to what I see in commit 8650b8a05850 you are the author of this > code? Can the blk_queue_scsi_pdu(q) test fail in nfsd4_scsi_identify_device()? If the user explicitly asked for a scsi layout export of a non-scsi device it can. > If so, can nfsd4_layout_verify() be modified in such a way that it prevents > that nfsd4_scsi_proc_getdeviceinfo() is ever called for a non-SCSI queue? > Can you recommend an approach? Not easily. The only thing we could do is an export time check, that would refuse the scsi layout export if the device is not capable. I can look into that, but it will take some time so for now I think we should go ahead with your series.
Looks fine,
Reviewed-by: Christoph Hellwig <hch@lst.de>
On Fri, May 26, 2017 at 08:10:03AM +0200, hch@lst.de wrote: > On Thu, May 25, 2017 at 08:19:47PM +0000, Bart Van Assche wrote: > > On Thu, 2017-05-25 at 14:48 -0400, J . Bruce Fields wrote: > > > On Thu, May 25, 2017 at 11:43:14AM -0700, Bart Van Assche wrote: > > > > Since using scsi_req() is only allowed against request queues for > > > > which struct scsi_request is the first member of their private > > > > request data, refuse to submit SCSI commands against a queue for > > > > which this is not the case. > > > > > > Is it possible we could catch this earlier and avoid giving out the > > > layout in the first place? > > > > Hello Christoph, > > > > According to what I see in commit 8650b8a05850 you are the author of this > > code? Can the blk_queue_scsi_pdu(q) test fail in nfsd4_scsi_identify_device()? > > If the user explicitly asked for a scsi layout export of a non-scsi > device it can. > > > If so, can nfsd4_layout_verify() be modified in such a way that it prevents > > that nfsd4_scsi_proc_getdeviceinfo() is ever called for a non-SCSI queue? > > Can you recommend an approach? > > Not easily. The only thing we could do is an export time check, that > would refuse the scsi layout export if the device is not capable. > > I can look into that, but it will take some time so for now I think we > should go ahead with your series. Fine by me.--b.
diff --git a/fs/nfsd/blocklayout.c b/fs/nfsd/blocklayout.c index fb5213afc854..38e14cf7e74a 100644 --- a/fs/nfsd/blocklayout.c +++ b/fs/nfsd/blocklayout.c @@ -219,6 +219,9 @@ static int nfsd4_scsi_identify_device(struct block_device *bdev, u8 *buf, *d, type, assoc; int error; + if (WARN_ON_ONCE(!blk_queue_scsi_pdu(q))) + return -EINVAL; + buf = kzalloc(bufflen, GFP_KERNEL); if (!buf) return -ENOMEM;
Since using scsi_req() is only allowed against request queues for which struct scsi_request is the first member of their private request data, refuse to submit SCSI commands against a queue for which this is not the case. References: commit 82ed4db499b8 ("block: split scsi_request out of struct request") Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Reviewed-by: Hannes Reinecke <hare@suse.com> Cc: J. Bruce Fields <bfields@fieldses.org> Cc: Jeff Layton <jlayton@poochiereds.net> Cc: Jens Axboe <axboe@fb.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Omar Sandoval <osandov@fb.com> Cc: linux-nfs@vger.kernel.org Cc: linux-block@vger.kernel.org --- fs/nfsd/blocklayout.c | 3 +++ 1 file changed, 3 insertions(+)