On Mon, Oct 1, 2018 at 4:34 PM Douglas Gilbert <dgilbert@xxxxxxxxxxxx> wrote: > > On 2018-10-02 02:15 AM, Evan Green wrote: > > From: Robb Glasser <rglasser@xxxxxxxxxx> > > > > sg_ioctl could be spammed by requests, leading to a double free in > > __free_pages. This protects the entry points of sg_ioctl where the > > memory could be corrupted by a double call to __free_pages if multiple > > requests are happening concurrently. > > Hi, > I don't like this patch. I would like to see the trace for the double > call to the __free_pages you are referring too. A test program that > show the fault, perhaps? > > I have test code to "spam" the sg driver and have not seen a double > __free_pages that you refer to (see sg3_utils package version 1.44, > testing/sg_tst_async.cpp). > > Currently I am dusting off 20 years of "laparoscopic" patches to the sg > driver that have made a bit of a mess of the naming and comments. Also > the 16 outstanding requests per file descriptor limit is being removed. > Then I want to add the SG_IOSUBMIT and SG_IORECEIVE ioctls proposed by > Linus Torvalds two week ago. > > Executive summary: nak, without further information That makes sense. Thanks for taking a look.
