Re: [PATCH] [SCSI] sg: Fix user memory corruption when SG_IO is interrupted by a signal

On 13-08-05 11:54 PM, Peter Chang wrote: 2013/8/5 Roland Dreier rol...@kernel.org: From: Roland Dreier rol...@purestorage.com There is a nasty bug in the SCSI SG_IO ioctl that in some circumstances leads to one process writing data into the address space of some other random unrelated process

[PATCH] [SCSI] sg: Fix user memory corruption when SG_IO is interrupted by a signal

From: Roland Dreier rol...@purestorage.com There is a nasty bug in the SCSI SG_IO ioctl that in some circumstances leads to one process writing data into the address space of some other random unrelated process if the ioctl is interrupted by a signal. What happens is the following: - A process

Re: [PATCH] [SCSI] sg: Fix user memory corruption when SG_IO is interrupted by a signal

On Mon, 2013-08-05 at 15:02 -0700, Roland Dreier wrote: From: Roland Dreier rol...@purestorage.com There is a nasty bug in the SCSI SG_IO ioctl that in some circumstances leads to one process writing data into the address space of some other random unrelated process if the ioctl is

Re: [PATCH] [SCSI] sg: Fix user memory corruption when SG_IO is interrupted by a signal

On Mon, Aug 5, 2013 at 4:31 PM, James Bottomley james.bottom...@hansenpartnership.com wrote: I agree with the analysis. The fix is a bit draconian, though. A workqueue actually runs in a kernel thread and there's a simple test for that (!current-mm), so how about this instead (which is much

Re: [PATCH] [SCSI] sg: Fix user memory corruption when SG_IO is interrupted by a signal

On Mon, 2013-08-05 at 16:38 -0700, Roland Dreier wrote: On Mon, Aug 5, 2013 at 4:31 PM, James Bottomley james.bottom...@hansenpartnership.com wrote: I agree with the analysis. The fix is a bit draconian, though. A workqueue actually runs in a kernel thread and there's a simple test for

Re: [PATCH] [SCSI] sg: Fix user memory corruption when SG_IO is interrupted by a signal

Roland, When this sg code was originally designed, there wasn't a bio in sight :-) Now I'm trying to get my head around this. We have launched a data-in SCSI command like READ(10) and the DMA is underway so we are waiting for a done indication. Instead we receive a signal interruption. It is not

Re: [PATCH] [SCSI] sg: Fix user memory corruption when SG_IO is interrupted by a signal

2013/8/5 Roland Dreier rol...@kernel.org: From: Roland Dreier rol...@purestorage.com There is a nasty bug in the SCSI SG_IO ioctl that in some circumstances leads to one process writing data into the address space of some other random unrelated process if the ioctl is interrupted by a signal.