subject:"Re\: Antw\: \[EXT\] Re\: \[PATCH\] scsi scsi_transport_iscsi.c\: fix misuse of %llu in scsi_transport

Re: Antw: [EXT] Re: [PATCH] scsi scsi_transport_iscsi.c: fix misuse of %llu in scsi_transport_iscsi.c

2021-10-15 Thread Guo Zhi


On 2021/10/11 23:29, Mike Christie wrote:

On 10/11/21 1:35 AM, Ulrich Windl wrote:

Joe Perches  schrieb am 09.10.2021 um 05:14 in Nachricht

<5daf69b365e23ceecee911c4d0f2f66a0b9ec95c.ca...@perches.com>:

On Sat, 2021-10-09 at 11:02 +0800, Guo Zhi wrote:

Pointers should be printed with %p or %px rather than
cast to (unsigned long long) and printed with %llu.
Change %llu to %p to print the pointer into sysfs.

][]

diff --git a/drivers/scsi/scsi_transport_iscsi.c

b/drivers/scsi/scsi_transport_iscsi.c
[]

@@ -129,8 +129,8 @@ show_transport_handle(struct device *dev, struct

device_attribute *attr,
  


if (!capable(CAP_SYS_ADMIN))
return -EACCES;
-   return sysfs_emit(buf, "%llu\n",
- (unsigned long long)iscsi_handle(priv->iscsi_transport));
+   return sysfs_emit(buf, "%p\n",
+   iscsi_ptr(priv->iscsi_transport));

iscsi_transport is a pointer isn't it?

so why not just

return sysfs_emit(buf, "%p\n", priv->iscsi_transport);

Isn't the difference that %p outputs hex, while %u outputs decimal?


Yeah, I think this patch will break userspace, because it doesn't know it's
a pointer. It could be doing:

sscanf(str, "%llu", );

The value is just later passed back to the kernel to look up a driver in
iscsi_if_transport_lookup:

 list_for_each_entry(priv, _transports, list) {
 if (tt == priv->iscsi_transport) {

so we could just replace priv->transport with an int and use an ida to assign
the value.


Taking security into consideration, We should not print kernel pointer 
into sysfs.


However if this is a special pointer to lookup a driver,  It's really 
tricky for me to fix it,


as I don't have a scsi device to test my code.


Guo


--
You received this message because you are subscribed to the Google Groups 
"open-iscsi" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to open-iscsi+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/open-iscsi/6772c5ef-4666-e2b5-2885-797baa939b45%40sjtu.edu.cn.

Re: Antw: [EXT] Re: [PATCH] scsi scsi_transport_iscsi.c: fix misuse of %llu in scsi_transport_iscsi.c

2021-10-12 Thread Ulrich Windl

>>> Mike Christie  schrieb am 11.10.2021 um 17:29 
>>> in
Nachricht :
> On 10/11/21 1:35 AM, Ulrich Windl wrote:
> Joe Perches  schrieb am 09.10.2021 um 05:14 in Nachricht
>> <5daf69b365e23ceecee911c4d0f2f66a0b9ec95c.ca...@perches.com>:
>>> On Sat, 2021-10-09 at 11:02 +0800, Guo Zhi wrote:
 Pointers should be printed with %p or %px rather than
 cast to (unsigned long long) and printed with %llu.
 Change %llu to %p to print the pointer into sysfs.
>>> ][]
 diff --git a/drivers/scsi/scsi_transport_iscsi.c 
>>> b/drivers/scsi/scsi_transport_iscsi.c
>>> []
 @@ -129,8 +129,8 @@ show_transport_handle(struct device *dev, struct 
>>> device_attribute *attr,
  

if (!capable(CAP_SYS_ADMIN))
return -EACCES;
 -  return sysfs_emit(buf, "%llu\n",
 -(unsigned long long)iscsi_handle(priv->iscsi_transport));
 +  return sysfs_emit(buf, "%p\n",
 +  iscsi_ptr(priv->iscsi_transport));
>>>
>>> iscsi_transport is a pointer isn't it?
>>>
>>> so why not just
>>>
>>> return sysfs_emit(buf, "%p\n", priv->iscsi_transport);
>> 
>> Isn't the difference that %p outputs hex, while %u outputs decimal?
>> 
> 
> Yeah, I think this patch will break userspace, because it doesn't know it's
> a pointer. It could be doing:
> 
> sscanf(str, "%llu", );
> 
> The value is just later passed back to the kernel to look up a driver in
> iscsi_if_transport_lookup:
> 
> list_for_each_entry(priv, _transports, list) {
> if (tt == priv->iscsi_transport) {
> 
> so we could just replace priv->transport with an int and use an ida to assign
> the value.

I'm not in the details, but if that value is used as an ID, shouldn't it have 
been something like "ID%llu" right from the start?
If so it would be rather easy to use "ID%p" instead (if the syntax of the ID is 
left unspecified). At least nobody would treat it as a number.

Regards,
Ulrich


> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "open-iscsi" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to open-iscsi+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/open-iscsi/ae7a82c2-5b19-493a-8d61-cdccb00c 
> f46c%40oracle.com.




-- 
You received this message because you are subscribed to the Google Groups 
"open-iscsi" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to open-iscsi+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/open-iscsi/6165337C02A1000446A6%40gwsmtp.uni-regensburg.de.

Re: Antw: [EXT] Re: [PATCH] scsi scsi_transport_iscsi.c: fix misuse of %llu in scsi_transport_iscsi.c

2021-10-11 Thread Mike Christie

On 10/11/21 1:35 AM, Ulrich Windl wrote:
 Joe Perches  schrieb am 09.10.2021 um 05:14 in Nachricht
> <5daf69b365e23ceecee911c4d0f2f66a0b9ec95c.ca...@perches.com>:
>> On Sat, 2021-10-09 at 11:02 +0800, Guo Zhi wrote:
>>> Pointers should be printed with %p or %px rather than
>>> cast to (unsigned long long) and printed with %llu.
>>> Change %llu to %p to print the pointer into sysfs.
>> ][]
>>> diff --git a/drivers/scsi/scsi_transport_iscsi.c 
>> b/drivers/scsi/scsi_transport_iscsi.c
>> []
>>> @@ -129,8 +129,8 @@ show_transport_handle(struct device *dev, struct 
>> device_attribute *attr,
>>>  
>>>
>>> if (!capable(CAP_SYS_ADMIN))
>>> return -EACCES;
>>> -   return sysfs_emit(buf, "%llu\n",
>>> - (unsigned long long)iscsi_handle(priv->iscsi_transport));
>>> +   return sysfs_emit(buf, "%p\n",
>>> +   iscsi_ptr(priv->iscsi_transport));
>>
>> iscsi_transport is a pointer isn't it?
>>
>> so why not just
>>
>>  return sysfs_emit(buf, "%p\n", priv->iscsi_transport);
> 
> Isn't the difference that %p outputs hex, while %u outputs decimal?
> 

Yeah, I think this patch will break userspace, because it doesn't know it's
a pointer. It could be doing:

sscanf(str, "%llu", );

The value is just later passed back to the kernel to look up a driver in
iscsi_if_transport_lookup:

list_for_each_entry(priv, _transports, list) {
if (tt == priv->iscsi_transport) {

so we could just replace priv->transport with an int and use an ida to assign
the value.

-- 
You received this message because you are subscribed to the Google Groups 
"open-iscsi" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to open-iscsi+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/open-iscsi/ae7a82c2-5b19-493a-8d61-cdccb00cf46c%40oracle.com.

Re: Antw: [EXT] Re: [PATCH] scsi scsi_transport_iscsi.c: fix misuse of %llu in scsi_transport_iscsi.c

Re: Antw: [EXT] Re: [PATCH] scsi scsi_transport_iscsi.c: fix misuse of %llu in scsi_transport_iscsi.c

Re: Antw: [EXT] Re: [PATCH] scsi scsi_transport_iscsi.c: fix misuse of %llu in scsi_transport_iscsi.c

3 matches

Site Navigation

Mail list logo

Footer information