Received: by 10.192.165.148 with SMTP id m20csp676175imm;
        Fri, 20 Apr 2018 13:28:46 -0700 (PDT)
X-Google-Smtp-Source: AIpwx4833ePSPdcLpp9XRbbINK0BSBCAKQ2bigxBGQWk/Ob59nrmr0jfAl/QmDfT8TtGR6PzFyYm
X-Received: by 2002:a17:902:5417:: with SMTP id d23-v6mr10731093pli.386.1524256125970;
        Fri, 20 Apr 2018 13:28:45 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1524256125; cv=none;
        d=google.com; s=arc-20160816;
        b=JgyTX68re4c3PWoVIA/8wp+kcT6hkZy619fqafDVUgmdOPNUd7mIm5T1neIsfrh5HO
         RNWmtR3e5kfP3NTIfb2pvuMBrPkk4aIABDgmMo46liZQ011Oa82SNXcCq+3+zQUYeno5
         8V6sHODEiHK85xQBsEq0bWdeA91Mo+uLcEBJPPj2caIcDnZsNn4hcCzku/rdXJf1PLhR
         /S8d7uVH424CIB5QHxTHzjzpx4JLijNBRd4teANfl7Q5jDfAaOo8oyVJo6f8giiAPVs8
         m6rEWv+F3MU26GTCIm/ULjC4bczhmxf8VK56KNsaDHYZlqOfdCe+Uu5ZZBwo0oocGZwL
         jWHQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature:dkim-signature
         :arc-authentication-results;
        bh=dx7DBPtWG+aaZCpJQ31/6LGWVnTMJFEmAJR7FhUbDxI=;
        b=R7fHCgMH0VdwClH3dn1YZQvTnSNvWo1+w9+qYlLRdysUmhF6sirG/UbWWv6xCHS+EG
         fLZ2yn9aCeUZLkc3jSjIVzV7PR/go2G00pFRQiN2Xb4JZEoRWPy/CwYQrGMQDOsdR0C3
         8E1N06Un4+TDjJrTWuGm0FWRxQupDOmCwQX4BNEsGQwEYSsLsI8k6iddE47ZCpg0inrJ
         k7tkMNzaouKog4v5cr+iGAb7+HYMGfIFTbKMruFTlZP5rcGouxHFDl5kDs8JV719Fc9L
         AStHnUlt6H61UzVB6kPpl20Pc2qbDooqbXpuyj4dP9xMmYofUP920YGzh7JhuydtnzMe
         oggg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@google.com header.s=20161025 header.b=tV1dR1i2;
       dkim=fail header.i=@chromium.org header.s=google header.b=VAOMWno0;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id y73si5374710pgd.390.2018.04.20.13.28.08;
        Fri, 20 Apr 2018 13:28:45 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@google.com header.s=20161025 header.b=tV1dR1i2;
       dkim=fail header.i=@chromium.org header.s=google header.b=VAOMWno0;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752695AbeDTUXW (ORCPT <rfc822;mohamedabbas.us@gmail.com>
        + 99 others); Fri, 20 Apr 2018 16:23:22 -0400
Received: from mail-vk0-f45.google.com ([209.85.213.45]:44993 "EHLO
        mail-vk0-f45.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752629AbeDTUXT (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 20 Apr 2018 16:23:19 -0400
Received: by mail-vk0-f45.google.com with SMTP id r184so5994323vke.11
        for <linux-kernel@vger.kernel.org>; Fri, 20 Apr 2018 13:23:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=dx7DBPtWG+aaZCpJQ31/6LGWVnTMJFEmAJR7FhUbDxI=;
        b=tV1dR1i2YKQN58Giow17U3Y5C0l2N26M3CejfzFlUPrlI0gY4DqdMIfCKSjVfU9u7E
         ap73dfFTsjKAaZwNrQMnadMQaBLAdeSpEF6+CvWlOaCnJu7m+QMQKwGWOU7O6ttL/LQh
         TWKxXG5F1hBX0IMvYSAsj3pdEtOqtezpibLdLIFkjmybIqLU7vfSRgee9Af5ch9Alx2o
         xsmonK3428kt83JCqXqVcuBFpNSRRWFtIohTUtX/i8CDgl1z3y9UEkTB57QfQcr6yA04
         80f7QQ2bagr7gWRCQ1Om57P7IqXccejdUxVdLUD8eBoeh6X7gJCLo0wepkr1sFzGvqqz
         8hUg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=dx7DBPtWG+aaZCpJQ31/6LGWVnTMJFEmAJR7FhUbDxI=;
        b=VAOMWno0TT0lKdgI6eOMM3CJGbKj8quo8s5gsLlgsewR4cfsFPcVwVfC+rLzIAIfk2
         bdY/+aB8rSqVQjvleVxHvmWeS9SCWOPKjvRXpQIoP6JcYHMKbVZrq2guKl8LU5h7a80z
         EtKE5GJYER6S4h8Z787ha72Kio1sNpvMSi5Q0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc;
        bh=dx7DBPtWG+aaZCpJQ31/6LGWVnTMJFEmAJR7FhUbDxI=;
        b=VZMTmg5iwsmewvymRksLYEP4rHC8Zm6cy9fQSXDLYWoi2N6+Bt69Xfv8gIszHz1X5E
         IuyEWVhbTdwhMj2YzOz+cMmz2fl6YS74BQlzfEWlOrUDIpStRM1pV/SKjxn2cJT8uHg+
         +NAbssx9XVZRKl/g+C30B1o6uxTuoNV/Um+TfXykqZz+tShRVX+Pl/qs4VG72OE46xXK
         glXnBn1Y1XzuB9xgE606nRfoCJs8gamySmB1T598HdWrik5TiNwc326urOilPDVurSar
         ukyHXPQVThgz2RYsJ3a60E0XoshY4Q39UXRpFWrr3ArfcgixJnWYKg1zp0NKQGaehszU
         1Oow==
X-Gm-Message-State: ALQs6tCmgXP4tNsUWPUJrnKCfFyVWLBXRZgm/PHAObW1fL/VcIRDPXmU
        xnRpggt2M0XayHN3X2AOJOE8Fi8hERPJhGt/pzDmBA==
X-Received: by 10.31.168.213 with SMTP id r204mr8623253vke.84.1524255798906;
 Fri, 20 Apr 2018 13:23:18 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.31.164.81 with HTTP; Fri, 20 Apr 2018 13:23:17 -0700 (PDT)
In-Reply-To: <13DBFC76-4849-4DDA-AC44-B2C1257912E7@linaro.org>
References: <10360653.ov98egbaqx@natalenko.name> <CAGXu5j+dh1zm32iBjRVh0s+3gLJYgjwt+z1aBJmrK2Cr8XPWnA@mail.gmail.com>
 <CAGXu5jLhnWnUiscP9B=kTEFNyRw9jgFn7Zr5FxhZrO20553+1Q@mail.gmail.com>
 <CAGXu5jKuZwicyyXH2gB3vp-OjtS+MkG+hqxV1cq1jaG9vAAO=g@mail.gmail.com>
 <CAGXu5jLQuzpjFcfjpT=MvgOxBizFNMjnfmY+E7eCHkDAV5swHg@mail.gmail.com>
 <CAGXu5jJTMqbXia7TmN2yEW11SM+XC3pkMt=bb+xBrY7-OOf=tw@mail.gmail.com>
 <CAGXu5j+xX3kDDS_sPY44hPVb=8isMX-evYzPx3ur=rge1rL5JQ@mail.gmail.com>
 <CAGXu5jJmvKcANUSsCz3fjGSv-tv1hceNd3rOpT4WTfYRb65RRA@mail.gmail.com>
 <8473f909-2123-0cfc-43b1-beba0b1aef9b@kernel.dk> <CAGXu5jL9miO3OXpjAxm9t8v=f_f5StB=Tk=aV8BVRdEj-Y-PDA@mail.gmail.com>
 <CAGXu5jKVPQi0cdTbe5Y1DNHdiJ6-kEFRBTNv7znuqT9w5eifGg@mail.gmail.com>
 <07f263ff-cea6-ac3c-944b-0f36fee8ba25@kernel.dk> <CAGXu5j+kHipvoyFWjGp8M6+83zbd6yHOzwxQ-2LNBQbD5-jS9w@mail.gmail.com>
 <8b32e079-d4e6-3fea-a89d-ff856e4e13b1@kernel.dk> <0fbf2b13-8bae-c7c5-d930-ebaafdc72202@kernel.dk>
 <011EF7D1-B095-4B8D-AD2A-993048932C49@linaro.org> <c30400f9-50e6-b5cf-d06b-a5e971e98546@kernel.dk>
 <13DBFC76-4849-4DDA-AC44-B2C1257912E7@linaro.org>
From:   Kees Cook <keescook@chromium.org>
Date:   Fri, 20 Apr 2018 13:23:17 -0700
X-Google-Sender-Auth: cgl7n54rU4t0lYVck5Q7XFFQZ2k
Message-ID: <CAGXu5j+8WUgr1y=JYhCkUqUWE0SJ+ymkM9DPEQwY8UoqPmoPSw@mail.gmail.com>
Subject: Re: usercopy whitelist woe in scsi_sense_cache
To:     Paolo Valente <paolo.valente@linaro.org>
Cc:     Jens Axboe <axboe@kernel.dk>,
        Oleksandr Natalenko <oleksandr@natalenko.name>,
        Bart Van Assche <bart.vanassche@wdc.com>,
        David Windsor <dave@nullcore.net>,
        "James E.J. Bottomley" <jejb@linux.vnet.ibm.com>,
        "Martin K. Petersen" <martin.petersen@oracle.com>,
        linux-scsi@vger.kernel.org, LKML <linux-kernel@vger.kernel.org>,
        Christoph Hellwig <hch@lst.de>,
        Hannes Reinecke <hare@suse.com>,
        Johannes Thumshirn <jthumshirn@suse.de>,
        linux-block <linux-block@vger.kernel.org>,
        Ulf Hansson <ulf.hansson@linaro.org>,
        Mark Brown <broonie@kernel.org>,
        Linus Walleij <linus.walleij@linaro.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Apr 19, 2018 at 2:32 AM, Paolo Valente <paolo.valente@linaro.org> wrote:
> I'm missing something here.  When the request gets completed in the
> first place, the hook bfq_finish_requeue_request gets called, and that
> hook clears both ->elv.priv elements (as the request has a non-null
> elv.icq).  So, when bfq gets the same request again, those elements
> must be NULL.  What am I getting wrong?
>
> I have some more concern on this point, but I'll stick to this for the
> moment, to not create more confusion.

I don't know the "how", I only found the "what". :) If you want, grab
the reproducer VM linked to earlier in this thread; it'll hit the
problem within about 30 seconds of running the reproducer.

-Kees

-- 
Kees Cook
Pixel Security