From: Kees Cook
Date: Fri, 20 Apr 2018 13:23:17 -0700
Subject: Re: usercopy whitelist woe in scsi_sense_cache
To: Paolo Valente
Cc: Jens Axboe, Oleksandr Natalenko, Bart Van Assche, David Windsor, "James E.J. Bottomley", "Martin K. Petersen", linux-scsi@vger.kernel.org, LKML, Christoph Hellwig, Hannes Reinecke, Johannes Thumshirn, linux-block, Ulf Hansson, Mark Brown, Linus Walleij
In-Reply-To: <13DBFC76-4849-4DDA-AC44-B2C1257912E7@linaro.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Apr 19, 2018 at 2:32 AM, Paolo Valente wrote:
> I'm missing something here. When the request gets completed in the
> first place, the hook bfq_finish_requeue_request gets called, and that
> hook clears both ->elv.priv elements (as the request has a non-null
> elv.icq). So, when bfq gets the same request again, those elements
> must be NULL. What am I getting wrong?
>
> I have some more concern on this point, but I'll stick to this for the
> moment, to not create more confusion.

I don't know the "how", I only found the "what". :) If you want, grab
the reproducer VM linked to earlier in this thread; it'll hit the
problem within about 30 seconds of running the reproducer.

-Kees

--
Kees Cook
Pixel Security