Message ID | 20180920071907.10102-1-jthumshirn@suse.de (mailing list archive) |
---|---|
State | Superseded |
Headers | show |
Series | scsi: sd: don't crash the host on invalid commands | expand |
Looks good,
Reviewed-by: Christoph Hellwig <hch@lst.de>
On Thu, 2018-09-20 at 09:19 +0200, Johannes Thumshirn wrote: > When sd_init_command() get's a with a unknown req_op() it crashes the > system via BUG(). > > This makes debugging the actual reason for the broken request > cmd_flags pretty hard as the system is down before it's able to write > out debugging data on the serial console or the trace buffer. > > Change the BUG() to a WARN_ON() and return BLKPREP_KILL to fail > gracefully and return an I/O error to the producer of the request. > > Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de> > Cc: Hannes Reinecke <hare@suse.de> > Cc: Bart Van Assche <bvanassche@acm.org> > Cc: Christoph Hellwig <hch@lst.de> > --- > Fixed Typo in Bart's mail, sorry for this. > > drivers/scsi/sd.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c > index b79b366a94f7..19f28962d65b 100644 > --- a/drivers/scsi/sd.c > +++ b/drivers/scsi/sd.c > @@ -1276,7 +1276,8 @@ static int sd_init_command(struct scsi_cmnd *cmd) > case REQ_OP_ZONE_RESET: > return sd_zbc_setup_reset_cmnd(cmd); > default: > - BUG(); > + WARN_ON(1); > + return BLKPREP_KILL; > } > } Have you considered to use WARN_ON_ONCE() instead of WARN_ON(1)? Otherwise this patch looks good to me. Thanks, Bart.
On Thu, Sep 20, 2018 at 11:18:19AM -0700, Bart Van Assche wrote: > On Thu, 2018-09-20 at 09:19 +0200, Johannes Thumshirn wrote: > > Have you considered to use WARN_ON_ONCE() instead of WARN_ON(1)? Otherwise > this patch looks good to me. Indeed I did and then forgot to 'git commit --amend' it befroe sending it out. I'll do so now. Johannes
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c index b79b366a94f7..19f28962d65b 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c @@ -1276,7 +1276,8 @@ static int sd_init_command(struct scsi_cmnd *cmd) case REQ_OP_ZONE_RESET: return sd_zbc_setup_reset_cmnd(cmd); default: - BUG(); + WARN_ON(1); + return BLKPREP_KILL; } }
When sd_init_command() get's a with a unknown req_op() it crashes the system via BUG(). This makes debugging the actual reason for the broken request cmd_flags pretty hard as the system is down before it's able to write out debugging data on the serial console or the trace buffer. Change the BUG() to a WARN_ON() and return BLKPREP_KILL to fail gracefully and return an I/O error to the producer of the request. Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Bart Van Assche <bvanassche@acm.org> Cc: Christoph Hellwig <hch@lst.de> --- Fixed Typo in Bart's mail, sorry for this. drivers/scsi/sd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)