2017-05-25 18:43:39

by Bart Van Assche

Subject: [PATCH 06/19] nfsd: Check private request size before submitting a SCSI request

Since using scsi_req() is only allowed against request queues for
which struct scsi_request is the first member of their private
request data, refuse to submit SCSI commands against a queue for
which this is not the case.

References: commit 82ed4db499b8 ("block: split scsi_request out of struct request")
Signed-off-by: Bart Van Assche <[email protected]>
Reviewed-by: Hannes Reinecke <[email protected]>
Cc: J. Bruce Fields <[email protected]>
Cc: Jeff Layton <[email protected]>
Cc: Jens Axboe <[email protected]>
Cc: Christoph Hellwig <[email protected]>
Cc: Omar Sandoval <[email protected]>
Cc: [email protected]
Cc: [email protected]
---
fs/nfsd/blocklayout.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/fs/nfsd/blocklayout.c b/fs/nfsd/blocklayout.c
index fb5213afc854..38e14cf7e74a 100644
--- a/fs/nfsd/blocklayout.c
+++ b/fs/nfsd/blocklayout.c
@@ -219,6 +219,9 @@ static int nfsd4_scsi_identify_device(struct block_device *bdev,
u8 *buf, *d, type, assoc;
int error;

+ if (WARN_ON_ONCE(!blk_queue_scsi_pdu(q)))
+ return -EINVAL;
+
buf = kzalloc(bufflen, GFP_KERNEL);
if (!buf)
return -ENOMEM;
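Review bot: WARN_ON_ONCE() around the new `!blk_queue_scsi_pdu(q)` test is only appropriate if a non-SCSI queue can never reach nfsd4_scsi_identify_device() through normal configuration. If exporting a non-SCSI block device with the SCSI layout can get here, the condition is administrator-triggerable, and a WARN splat (a panic on systems running with panic_on_warn) is too heavy; in that case use a plain `if (!blk_queue_scsi_pdu(q)) return -EINVAL;`, optionally with pr_warn_once() naming the device. Placing the test ahead of kzalloc() is right, since the early return then needs no cleanup.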
--
2.12.2



2017-05-25 18:48:55

by J. Bruce Fields

Subject: Re: [PATCH 06/19] nfsd: Check private request size before submitting a SCSI request

On Thu, May 25, 2017 at 11:43:14AM -0700, Bart Van Assche wrote:
> Since using scsi_req() is only allowed against request queues for
> which struct scsi_request is the first member of their private
> request data, refuse to submit SCSI commands against a queue for
> which this is not the case.

Is it possible we could catch this earlier and avoid giving out the
layout in the first place?

--b.

>
> References: commit 82ed4db499b8 ("block: split scsi_request out of struct request")
> Signed-off-by: Bart Van Assche <[email protected]>
> Reviewed-by: Hannes Reinecke <[email protected]>
> Cc: J. Bruce Fields <[email protected]>
> Cc: Jeff Layton <[email protected]>
> Cc: Jens Axboe <[email protected]>
> Cc: Christoph Hellwig <[email protected]>
> Cc: Omar Sandoval <[email protected]>
> Cc: [email protected]
> Cc: [email protected]
> ---
> fs/nfsd/blocklayout.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/fs/nfsd/blocklayout.c b/fs/nfsd/blocklayout.c
> index fb5213afc854..38e14cf7e74a 100644
> --- a/fs/nfsd/blocklayout.c
> +++ b/fs/nfsd/blocklayout.c
> @@ -219,6 +219,9 @@ static int nfsd4_scsi_identify_device(struct block_device *bdev,
> u8 *buf, *d, type, assoc;
> int error;
>
> + if (WARN_ON_ONCE(!blk_queue_scsi_pdu(q)))
> + return -EINVAL;
> +
> buf = kzalloc(bufflen, GFP_KERNEL);
> if (!buf)
> return -ENOMEM;
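Review bot: the added check at the top of nfsd4_scsi_identify_device() carries no comment, and the subject line talks about the private request size while the code calls blk_queue_scsi_pdu(q), so the link between the two is left to the reader. A short comment above the `if` saying that scsi_req() is only valid when struct scsi_request is the first member of the queue's private request data would document the invariant next to the code. The context lines shown declare only buf, d, type, assoc and error, so it is also worth confirming that q is set from bdev's queue before this test.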
> --
> 2.12.2

2017-05-25 20:19:49

by Bart Van Assche

Subject: Re: [PATCH 06/19] nfsd: Check private request size before submitting a SCSI request

On Thu, 2017-05-25 at 14:48 -0400, J . Bruce Fields wrote:
> On Thu, May 25, 2017 at 11:43:14AM -0700, Bart Van Assche wrote:
> > Since using scsi_req() is only allowed against request queues for
> > which struct scsi_request is the first member of their private
> > request data, refuse to submit SCSI commands against a queue for
> > which this is not the case.
>
> Is it possible we could catch this earlier and avoid giving out the
> layout in the first place?

Hello Christoph,

According to what I see in commit 8650b8a05850 you are the author of this
code? Can the blk_queue_scsi_pdu(q) test fail in nfsd4_scsi_identify_device()?
If so, can nfsd4_layout_verify() be modified in such a way that it prevents
that nfsd4_scsi_proc_getdeviceinfo() is ever called for a non-SCSI queue?
Can you recommend an approach?

Thanks,

Bart.

2017-05-26 06:10:04

by Christoph Hellwig

Subject: Re: [PATCH 06/19] nfsd: Check private request size before submitting a SCSI request

On Thu, May 25, 2017 at 08:19:47PM +0000, Bart Van Assche wrote:
> On Thu, 2017-05-25 at 14:48 -0400, J . Bruce Fields wrote:
> > On Thu, May 25, 2017 at 11:43:14AM -0700, Bart Van Assche wrote:
> > > Since using scsi_req() is only allowed against request queues for
> > > which struct scsi_request is the first member of their private
> > > request data, refuse to submit SCSI commands against a queue for
> > > which this is not the case.
> >
> > Is it possible we could catch this earlier and avoid giving out the
> > layout in the first place?
>
> Hello Christoph,
>
> According to what I see in commit 8650b8a05850 you are the author of this
> code? Can the blk_queue_scsi_pdu(q) test fail in nfsd4_scsi_identify_device()?

If the user explicitly asked for a scsi layout export of a non-scsi
device it can.

> If so, can nfsd4_layout_verify() be modified in such a way that it prevents
> that nfsd4_scsi_proc_getdeviceinfo() is ever called for a non-SCSI queue?
> Can you recommend an approach?

Not easily. The only thing we could do is an export time check, that
would refuse the scsi layout export if the device is not capable.

I can look into that, but it will take some time so for now I think we
should go ahead with your series.

2017-05-26 15:47:27

by J. Bruce Fields

Subject: Re: [PATCH 06/19] nfsd: Check private request size before submitting a SCSI request

On Fri, May 26, 2017 at 08:10:03AM +0200, [email protected] wrote:
> On Thu, May 25, 2017 at 08:19:47PM +0000, Bart Van Assche wrote:
> > On Thu, 2017-05-25 at 14:48 -0400, J . Bruce Fields wrote:
> > > On Thu, May 25, 2017 at 11:43:14AM -0700, Bart Van Assche wrote:
> > > > Since using scsi_req() is only allowed against request queues for
> > > > which struct scsi_request is the first member of their private
> > > > request data, refuse to submit SCSI commands against a queue for
> > > > which this is not the case.
> > >
> > > Is it possible we could catch this earlier and avoid giving out the
> > > layout in the first place?
> >
> > Hello Christoph,
> >
> > According to what I see in commit 8650b8a05850 you are the author of this
> > code? Can the blk_queue_scsi_pdu(q) test fail in nfsd4_scsi_identify_device()?
>
> If the user explicitly asked for a scsi layout export of a non-scsi
> device it can.
>
> > If so, can nfsd4_layout_verify() be modified in such a way that it prevents
> > that nfsd4_scsi_proc_getdeviceinfo() is ever called for a non-SCSI queue?
> > Can you recommend an approach?
>
> Not easily. The only thing we could do is an export time check, that
> would refuse the scsi layout export if the device is not capable.
>
> I can look into that, but it will take some time so for now I think we
> should go ahead with your series.

Fine by me.

--b.