On Mon, Dec 2, 2019 at 10:58 PM Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> Anyway, the sg copyin/out changes by Al conflicted fairly badly with
> Arnd's compat_ioctl changes.
>
> Al did
>
> c35a5cfb4150 ("scsi: sg: sg_read(): simplify reading ->pack_id of
> userland sg_io_hdr_t")
>
> which avoided doing a whole allocation of an 'sg_io_hdr_t' to just
> read the one field of it.
>
> But Arnd did
>
> 98aaaec4a150 ("compat_ioctl: reimplement SG_IO handling")
>
> which created a get_sg_io_hdr() helper that copied the 'sg_io_hdr_t'
> from user space the right way for both compat and native, which
> basically relied on the old approach.

Right, I also failed to notice that the linux-next conflict resolution
was breaking my changes, the fixup looked simple enough there. :-(

> since it turns out that the one 'pack_id' field we want does have the
> same format in compat mode as in native mode ("int" and
> "compat_int_t" are the same), it's just at different offsets. But the
> definition of 'compat_sg_io_hdr' isn't available in that place.
>
> I'm leaving it to Al and Arnd to decide if they want to fix the
> stupidity. I tried to make the minimally invasive merge resolution.
>
> Al, Arnd? Comments?
>
> It looks like linux-next punted on this entirely, and took Al's
> simplified version that doesn't work with the compat case. Maybe I
> should have done the same - if you use read() on the /dev/sg* device,
> you deserve to get broken for the compat case. And it didn't
> historically work anyway. But it was kind of sad to see how Arnd fixed
> it, and then it got broken again.

I've tried now to move the pack_id logic into a separate function and,
in doing so, noticed a bug in my own patch: sg_new_read() needs to check
for the compat_sg_io_hdr size, which also depends on the struct
definition. I've drafted a patch that should do this right, but we could
also just -EINVAL in compat mode here if that's too complex.

      Arnd
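As an added illustration of the layout problem discussed above (not code from the thread or from the kernel): user-space mirrors of the native 64-bit and compat 32-bit sg_io_hdr layouts, showing that pack_id sits at a different offset in each and that the minimum-size check must use the compat size, as Arnd notes for sg_new_read(). The struct names and the sg_hdr_pack_id() helper are assumptions of this example; only the field order follows the uapi sg_io_hdr_t.

```c
/* Added illustration, not kernel code: mirrors of the native (64-bit) and
 * compat (32-bit) sg_io_hdr layouts; pointers are void* vs. 4-byte compat_uptr_t. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct sg_io_hdr_native {            /* what a native 64-bit task hands in */
    int interface_id, dxfer_direction;
    unsigned char cmd_len, mx_sb_len;
    unsigned short iovec_count;
    unsigned int dxfer_len;
    void *dxferp, *cmdp, *sbp;       /* 8-byte user pointers */
    unsigned int timeout, flags;
    int pack_id;                     /* offset 48 on 64-bit, struct size 88 */
    void *usr_ptr;
    unsigned char status, masked_status, msg_status, sb_len_wr;
    unsigned short host_status, driver_status;
    int resid;
    unsigned int duration, info;
};

struct sg_io_hdr_compat {            /* the same header from a 32-bit task */
    int interface_id, dxfer_direction;
    unsigned char cmd_len, mx_sb_len;
    unsigned short iovec_count;
    unsigned int dxfer_len;
    uint32_t dxferp, cmdp, sbp;      /* compat_uptr_t: 4 bytes each */
    unsigned int timeout, flags;
    int pack_id;                     /* offset 36, struct size 64 */
    uint32_t usr_ptr;
    unsigned char status, masked_status, msg_status, sb_len_wr;
    unsigned short host_status, driver_status;
    int resid;
    unsigned int duration, info;
};

/* Pull pack_id out of a caller-supplied header of 'len' bytes.  Both the
 * minimum size and the field offset depend on the layout, which is the
 * check Arnd says sg_new_read() must make.  Returns 0, or -1 (EINVAL). */
int sg_hdr_pack_id(const void *buf, size_t len, bool compat, int *pack_id)
{
    size_t need = compat ? sizeof(struct sg_io_hdr_compat) : sizeof(struct sg_io_hdr_native);
    size_t off  = compat ? offsetof(struct sg_io_hdr_compat, pack_id)
                         : offsetof(struct sg_io_hdr_native, pack_id);
    if (len < need)
        return -1;                   /* never read past a short buffer */
    memcpy(pack_id, (const char *)buf + off, sizeof *pack_id);
    return 0;
}
```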