Re: [PATCH 3/6] block: Create scsi_sense.h for SCSI and ATAPI
From: Kees Cook <hidden>
Date: 2018-05-23 21:17:28
Also in:
linux-ide, linux-scsi, lkml
Subsystem:
the rest, uniform cdrom driver · Maintainers:
Linus Torvalds, Phillip Potter
Possibly related (same subject, not in this thread)
- 2018-07-31 · Re: [PATCH 3/6] block: Create scsi_sense.h for SCSI and ATAPI · Kees Cook <hidden>
- 2018-07-31 · Re: [PATCH 3/6] block: Create scsi_sense.h for SCSI and ATAPI · Christoph Hellwig <hch@infradead.org>
- 2018-07-09 · Re: [PATCH 3/6] block: Create scsi_sense.h for SCSI and ATAPI · Kees Cook <hidden>
- 2018-07-08 · Re: [PATCH 3/6] block: Create scsi_sense.h for SCSI and ATAPI · Christoph Hellwig <hch@infradead.org>
- 2018-05-25 · Re: [PATCH 3/6] block: Create scsi_sense.h for SCSI and ATAPI · Christoph Hellwig <hch@infradead.org>
On Wed, May 23, 2018 at 2:06 PM, Martin K. Petersen [off-list ref] wrote:
Kees,quoted
obj-$(CONFIG_SCSI) += scsi/ So: this needs to live in block/ just like CONFIG_BLK_SCSI_REQUEST's scsi_ioctl.c. I will split it into CONFIG_BLK_SCSI_SENSE, but I'll still need to move the code from drivers/scsi/ to block/. Is this okay?The reason this sucks is that scsi_normalize_sense() is an inherent core feature in the SCSI layer. Dealing with sense data for ioctls is just a fringe use case.
True, though I'm finding other robustness issues in the CDROM code. They're probably all insane corner cases, but it seems like it'd be nice to just fix them:
diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
index 3522d2cae1b6..7726c8618c30 100644
--- a/drivers/cdrom/cdrom.c
+++ b/drivers/cdrom/cdrom.c@@ -2222,9 +2223,12 @@ static int cdrom_read_cdda_bpc(structcdrom_device_info *cdi, __u8 __user *ubuf,
blk_execute_rq(q, cdi->disk, rq, 0);
if (scsi_req(rq)->result) {
- struct request_sense *s = req->sense;
+ struct scsi_sense_hdr sshdr;
+
ret = -EIO;
- cdi->last_sense = s->sense_key;
+ scsi_normalize_sense(req->sense, req->sense_len,
+ &sshdr);
+ cdi->last_sense = sshdr.sense_key;
}
if (blk_rq_unmap_user(bio))
This code wasn't checking req->sense_len, for example. It'll just get
stale data at worst case, but it's still ugly, especially since we
have a solution to do it right.
I don't want to get too hung up on what goes where. But architecturally it really irks me to move a core piece of SCSI state machine functionality out of the subsystem to accommodate ioctl handling.
It looks like there is more in block/scsi_ioctl.c than just ioctl handling, which is why I put the function in there originally. Honestly, it's almost so small I could make it a static inline. :P
I'm traveling today so I probably won't get a chance to look closely until tomorrow morning.
No worries; thanks for looking at it! -Kees -- Kees Cook Pixel Security