Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp1329583imm; Wed, 23 May 2018 14:17:53 -0700 (PDT) X-Google-Smtp-Source: AB8JxZrWdvuLxfk6qkmF4T7o12Muok7yVfEXkreG/Q9q98fL5IQDpZO9gyGgBESLjZk/Dwzd1K2A X-Received: by 2002:a17:902:9a8a:: with SMTP id w10-v6mr4498310plp.333.1527110273327; Wed, 23 May 2018 14:17:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527110273; cv=none; d=google.com; s=arc-20160816; b=JsQNYNjiBY+yUNrFNYwSLRvo3FY3CYjJGGELpE/m2Go6pvG33xtUvdeuw7w5T5qDw2 DxWJnlfD/PkDCHMvtwW5DrtEcYD2wvdN4DfYHHWOlrzcpg2aZsXOymabpmSN42LVHJwe FQ9s3g1blxocwQaDb18KgVEy+ElyPRGrxVKcB/b5MVB6wDMkPD7D2mI1RuM9VX7xGD1O ZB5q831mzR03k08pbeobDTbyZDgt7n4XIAPSMbm1wctA/rcTEhAEJ5TQ1ujlLxiBTbCi xStLw5+wsR4cm1rbo4gT3rBjKvkIgZmh8bPbzTux2XavAZ9WgvrNTb3rvJsDz4dRkM2z Puug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature:dkim-signature :arc-authentication-results; bh=48uapMwOuQrDu7yg515Wrcrf2lIASzvw0N4U/ja+I4M=; b=z+ZfXFeBqBw9ygVIhcWeNwp+pY2N7b/bTnTGjA8UCmYUlDAv0OZMuXPmUJmJD8rUAc wnhFUubMDmnkTysaH4/yZny4VAXqfRmJ6v9S9exoRZGZ693+FTNxTUWle35MH/xH2yC9 NWV2V4H9F4x+j529RF6dyrxdrfQLzFXwpypUvErlGZxSrN4U7QBqzNyWcvjjR5492kr0 com0nhTHv53yhXP2GBUjpV2VVedmgEhsy/24ncX8qzYJ70xEzI4dJV5qaKuPaE+ZFk/G +fpuoXUcj8ac8A4CU+Dfb2zf2S0stCoU21VRwDQG/Oq70Pj8xA23bCJX7wV6nIamQtkq jufw== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=u3MJ5mda; dkim=fail header.i=@chromium.org header.s=google header.b=BKbPdS40; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x14-v6si15504469pgq.512.2018.05.23.14.17.38; Wed, 23 May 2018 14:17:53 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=u3MJ5mda; dkim=fail header.i=@chromium.org header.s=google header.b=BKbPdS40; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934683AbeEWVR0 (ORCPT + 99 others); Wed, 23 May 2018 17:17:26 -0400 Received: from mail-ua0-f193.google.com ([209.85.217.193]:37267 "EHLO mail-ua0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S934270AbeEWVRQ (ORCPT ); Wed, 23 May 2018 17:17:16 -0400 Received: by mail-ua0-f193.google.com with SMTP id i3-v6so15750692uad.4 for ; Wed, 23 May 2018 14:17:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=48uapMwOuQrDu7yg515Wrcrf2lIASzvw0N4U/ja+I4M=; b=u3MJ5mdawgNfqYQx9uvJLKpMy6f2Y7L/rCjp1upsMwCkdxy8S/g0yG4zdGIWl6rnhO 8Q3vyT9ujtuDkBLAWAeiz8F4QLSUNYTYKOqfi9BGOJlmn6j7POciVg3xhfAV9InuPb1u bUD4Md6tk5887VsUEs0kj9qOXjxHdwMo+XNjrQA5t9r82ZhkM7du7tOGTyQrmcsDPmcB vadnUjCbzqnnwcnLYDmF51wzU1qxVnsgpbW12Tw1i4QiUGtf2deQcL8yFAxcPxah6pVu epTZibOjjYPCB4DfYRPHqirXghB6EnI82UVafD78/6nshkD+nuxKseHuoEm5zDU0IyeP wH+Q== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=48uapMwOuQrDu7yg515Wrcrf2lIASzvw0N4U/ja+I4M=; b=BKbPdS40nSPpN0Qggg2+DsY58qfRoeRY4qRLHs5jIGdLzLejLq5VwuyHFlkBs2vjoF binmk13PMRha7WFJbbRLFSzNM3id/lVHmXcrcFtrG822l6MxDPZ3vmwZXyL4DHYX7I5Q BG6krm4lNdbjYcWpFr/WA5TjK++GuqjZ6kcDA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=48uapMwOuQrDu7yg515Wrcrf2lIASzvw0N4U/ja+I4M=; b=M4Mj1lJUkO9XW3kzECYv9YJ1hHG+95m3FwxWUBbOH3HxI4bjUBp1Dm1uIo4uq7SRGo 4hcEIEW9H0EAPpVt0WIMzKcxun4sIV9o4Yp2ir72r+IqM2NjTzR1g6Iiez+UhDinTpRS rM7euyp2KuYTd/5hCpnSzgrvSDdHqqcAej1M+B/31y0Tybt6wcZeGtqafXqUsGmwfZfJ NVRgYp+62j5x6X6lYVM7Mzr7EoUEm7Up4uANp1afMSyGcU93WMKnTbHtN30SKlcCSSC4 hGeZ1LbgQvNEN7+ki10gvxzPEYTlu9XyKWLd7Kzyhl/O50QnlVeNfCwpVTMqPEnDtEay K9WQ== X-Gm-Message-State: ALKqPwcZbk4EVpgI+A+qgTeWSCqdV/EzpnnN3qgbJp9yykmnA0ZqlRmy gbYiSOkpxpYlFnTEDcRKlfCmJmJ5g+55FosmNr70Ew== X-Received: by 2002:a9f:2823:: with SMTP id c32-v6mr3254583uac.193.1527110235007; Wed, 23 May 2018 14:17:15 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a1f:bd1:0:0:0:0:0 with HTTP; Wed, 23 May 2018 14:17:14 -0700 (PDT) In-Reply-To: References: <20180522183613.GA3784@infradead.org> <732f4249-5681-4a54-ec21-4ecc3d3a74e5@kernel.dk> <20180522191309.GA23615@infradead.org> <8d4af5c4-96fa-54ee-d5c1-b887b1de5a3c@kernel.dk> <9A0BC289-4203-4C77-A012-AAB07F42061F@kernel.dk> <20180523142545.GA16248@infradead.org> <24d36869-e037-042d-cb16-20a81b34eb76@kernel.dk> From: Kees Cook Date: Wed, 23 May 2018 14:17:14 -0700 X-Google-Sender-Auth: yXx59FbAikDTjQXloBUdgYcI1G8 Message-ID: Subject: Re: [PATCH 3/6] block: Create scsi_sense.h for SCSI and ATAPI To: "Martin K. Petersen" Cc: Jens Axboe , Christoph Hellwig , James Bottomley , Tejun Heo , Borislav Petkov , "David S. Miller" , "Manoj N. Kumar" , "Matthew R. Ochs" , Uma Krishnan , linux-block , linux-ide@vger.kernel.org, linux-scsi@vger.kernel.org, LKML Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, May 23, 2018 at 2:06 PM, Martin K. Petersen wrote: > > Kees, > >> obj-$(CONFIG_SCSI) += scsi/ >> >> So: this needs to live in block/ just like CONFIG_BLK_SCSI_REQUEST's >> scsi_ioctl.c. I will split it into CONFIG_BLK_SCSI_SENSE, but I'll >> still need to move the code from drivers/scsi/ to block/. Is this >> okay? > > The reason this sucks is that scsi_normalize_sense() is an inherent core > feature in the SCSI layer. Dealing with sense data for ioctls is just a > fringe use case. True, though I'm finding other robustness issues in the CDROM code. They're probably all insane corner cases, but it seems like it'd be nice to just fix them: diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c index 3522d2cae1b6..7726c8618c30 100644 --- a/drivers/cdrom/cdrom.c +++ b/drivers/cdrom/cdrom.c @@ -2222,9 +2223,12 @@ static int cdrom_read_cdda_bpc(struct cdrom_device_info *cdi, __u8 __user *ubuf, blk_execute_rq(q, cdi->disk, rq, 0); if (scsi_req(rq)->result) { - struct request_sense *s = req->sense; + struct scsi_sense_hdr sshdr; + ret = -EIO; - cdi->last_sense = s->sense_key; + scsi_normalize_sense(req->sense, req->sense_len, + &sshdr); + cdi->last_sense = sshdr.sense_key; } if (blk_rq_unmap_user(bio)) This code wasn't checking req->sense_len, for example. It'll just get stale data at worst case, but it's still ugly, especially since we have a solution to do it right. > I don't want to get too hung up on what goes where. But architecturally > it really irks me to move a core piece of SCSI state machine > functionality out of the subsystem to accommodate ioctl handling. It looks like there is more in block/scsi_ioctl.c than just ioctl handling, which is why I put the function in there originally. Honestly, it's almost so small I could make it a static inline. :P > I'm traveling today so I probably won't get a chance to look closely > until tomorrow morning. No worries; thanks for looking at it! -Kees -- Kees Cook Pixel Security