On Wed, Apr 17, 2019 at 12:33 AM Douglas Gilbert dgilbert@interlog.com wrote:
On 2019-04-16 4:19 p.m., Arnd Bergmann wrote:
Hi Al,
It took me way longer than I had hoped to revisit this series, see https://lore.kernel.org/lkml/20180912150142.157913-1-arnd@arndb.de/ for the previously posted version.
I've come to the point where all conversion handlers and most COMPATIBLE_IOCTL() entries are gone from this file, but for now, this series only has the parts that have either been reviewed previously, or that are simple enough to include.
The main missing piece is the SG_IO/SG_GET_REQUEST_TABLE conversion. I'll post the patches I made for that later, as they need more testing and review from the scsi maintainers.
Perhaps you could look at the document in this url: http://sg.danny.cz/sg/sg_v40.html
It is work-in-progress to modernize the SCSI generic driver. It extends ioctl(sg_fd, SG_IO, &pt_obj) to additionally accept the sg v4 interface as defined in include/uapi/linux/bsg.h . Currently only the bsg driver uses the sg v4 interface. Since struct sg_io_v4 is all explicitly sized integers, I'm guessing it is immune "compat" problems. [I can see no reference to bsg nor struct sg_io_v4 in the current fs/compat_ioctl.c file.]
Ok, I've taken a brief look at your series now. Unfortunately it clashes quite hard with my series, but it's probably for the better to have your stuff get merged first.
A few (unsorted) comments from going through your patches:
- the added ioctls are all compatible when using the v4 structures and mostly don't need handlers for compat mode, but they need to be called from .compat_ioctl to actually be usable in compat mode. With my patches you get that. - One exception for the v4 layout is the use of iovec pointers, as 'struct iovec' is incompatible. We should probably merge the generic compat_import_iovec() into import_iovec() with a 'in_compat_syscall()' check, which would be helpful in general. bsg.c does not iovec, so it is not affected by this at the moment, maybe it would be better to stay compatible with that and also not support them in sg.c? - Is there a need for the new sg_ioctl_iosubmit/sg_ioctl_ioreceive to support the v3 structures? Those are /not/ compatible, so you need extra code to handle the v3-compat layout as well. Supporting only v4 would simplify this. - the lack of changeset descriptions is a bit irritating and makes it much harder to understand what you are doing. - try to keep patches that move code around separate from those that change it in any other way, for better reviewing. - in "sg: preparation for request sharing", you seem to inadvertently change the size of "struct sg_extended_info", making it 4 bytes longer by adding two members. - You should never use IS_ERR_OR_NULL() in normal code, that is just a sign of a bad API. Make each function have consistent error behavior. - The "#if 0 /* temporary to shorten big patch */" trick breaks bisection, that is probably worse than the larger patch. - The split access_ok()/__copy_from_user() has fallen out of favor because it has caused too many bugs in the past, just use the combined copy_from_user() instead. - ktime_to_ns(ktime_get_with_offset(TK_OFFS_BOOT)) followed by a 64-bit division won't work on 32-bit machines, use ktime_get_boottime_ts64() instead.
Other additions described in the that document are these new ioctls:
- SG_IOSUBMIT ultimately to replace write(sg_fd, ...)
- SG_IORECEIVE to replace read(sg_fd, ...)
- SG_IOABORT abort SCSI cmd in progress; new functionality
- SG_SET_GET_EXTENDED has associated struct sg_extended_info
The first three take a pointer to a struct sg_io_hdr (v3 interface) or a struct sg_io_v4 object. Both objects start with a 32 bit integer: 'S' identifies the v3 interface while 'Q' identifies the v4 interface.
I think the magic character was a mistake in the original design, just like versioned interfaces in general. If you are extending an interface in an incompatible way, the normal way would be to have separate command codes, like SG_IORECEIVE_V3 and SG_IORECEIVE_V4, if you absolutely have to maintain compatiblity with the old interface (which I think you don't in case of SG_IORECEIVE).
For SG_IO, I can see why you want to support both the v3 and v4 structures plus the compat-v3 version, but I'd try to keep them as separate as possible, and do something like
static int sg_ctl_sg_io(struct file *filp, struct sg_device *sdp, struct sg_fd *sfp, void __user *p) { int ret;
ret = sg_io_v4(filp, sdp, sfp, (struct sg_io_v4 __user *)p);
if (ret != -ENOIOCTLCMD || !S_ENABLED(CONFIG_SG_IO_V3)) return ret;
if (in_compat_syscall()) ret = sg_io_compat_(filp, sdp, sfp, (struct compat_sg_io_hdr __user *)p); else ret = sg_io_v3(filp, sdp, sfp, (struct sg_io_hdr __user *)p); }
In my patch series, I combined the latter two cases and used a shared get_sg_io_hdr()/put_sg_io_hdr() helper as well as a wrapper for the iovec issue.
The SG_SET_GET_EXTENDED ioctl takes a pointer to a struct sg_extended_info object which contains explicitly sized integers so it may also be immune from "compat" problems. The ioctls section (13) of that document referenced above has a table showing how many "sets and gets" are hiding in the SG_SET_GET_EXTENDED ioctl.
Agreed, SG_SET_GET_EXTENDED looks fine to me from a compat perspective.
I've uploaded my patches to git://git.kernel.org:/pub/scm/linux/kernel/git/arnd/playground.git compat-ioctl-v3 This contains both the series I posted here, and my scsi ioctl rework.
Maybe you can take the bits you need from that to handle the v3-compat structures and integrate it into your series?
Arnd