Message ID | 20211206122939.105942-1-shinichiro.kawasaki@wdc.com (mailing list archive) |
---|---|
State | Superseded |
Headers | show |
Series | scsi: scsi_debug: Fix buffer size of REPORT ZONES command | expand |
On 2021/12/06 21:29, Shin'ichiro Kawasaki wrote: > According to ZBC and SPC specifications, the unit of ALLOCATION LENGTH > field of REPORT ZONES command is byte. However, current scsi_debug > implementation handles it as number of zones to calculate buffer size to > report zones. When the ALLOCATION LENGTH has a large number, this > results in too large buffer size and causes memory allocation failure. > Fix the failure by handling ALLOCATION LENGTH as byte unit. > > Fixes: f0d1cf9378bd ("scsi: scsi_debug: Add ZBC zone commands") > Signed-off-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com> > --- > drivers/scsi/scsi_debug.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c > index 3c0da3770edf..74513129b36d 100644 > --- a/drivers/scsi/scsi_debug.c > +++ b/drivers/scsi/scsi_debug.c > @@ -4342,7 +4342,7 @@ static int resp_report_zones(struct scsi_cmnd *scp, > rep_max_zones = min((alloc_len - 64) >> ilog2(RZONES_DESC_HD), > max_zones); > > - arr = kcalloc(RZONES_DESC_HD, alloc_len, GFP_ATOMIC); > + arr = kcalloc(1, alloc_len, GFP_ATOMIC); Then maybe use kzalloc here ? No need for kcalloc... > if (!arr) { > mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC, > INSUFF_RES_ASCQ); >
On Dec 06, 2021 / 22:35, Damien Le Moal wrote: > On 2021/12/06 21:29, Shin'ichiro Kawasaki wrote: > > According to ZBC and SPC specifications, the unit of ALLOCATION LENGTH > > field of REPORT ZONES command is byte. However, current scsi_debug > > implementation handles it as number of zones to calculate buffer size to > > report zones. When the ALLOCATION LENGTH has a large number, this > > results in too large buffer size and causes memory allocation failure. > > Fix the failure by handling ALLOCATION LENGTH as byte unit. > > > > Fixes: f0d1cf9378bd ("scsi: scsi_debug: Add ZBC zone commands") > > Signed-off-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com> > > --- > > drivers/scsi/scsi_debug.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c > > index 3c0da3770edf..74513129b36d 100644 > > --- a/drivers/scsi/scsi_debug.c > > +++ b/drivers/scsi/scsi_debug.c > > @@ -4342,7 +4342,7 @@ static int resp_report_zones(struct scsi_cmnd *scp, > > rep_max_zones = min((alloc_len - 64) >> ilog2(RZONES_DESC_HD), > > max_zones); > > > > - arr = kcalloc(RZONES_DESC_HD, alloc_len, GFP_ATOMIC); > > + arr = kcalloc(1, alloc_len, GFP_ATOMIC); > > Then maybe use kzalloc here ? No need for kcalloc... Indeed. Will post v2.
diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c index 3c0da3770edf..74513129b36d 100644 --- a/drivers/scsi/scsi_debug.c +++ b/drivers/scsi/scsi_debug.c @@ -4342,7 +4342,7 @@ static int resp_report_zones(struct scsi_cmnd *scp, rep_max_zones = min((alloc_len - 64) >> ilog2(RZONES_DESC_HD), max_zones); - arr = kcalloc(RZONES_DESC_HD, alloc_len, GFP_ATOMIC); + arr = kcalloc(1, alloc_len, GFP_ATOMIC); if (!arr) { mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC, INSUFF_RES_ASCQ);
According to ZBC and SPC specifications, the unit of ALLOCATION LENGTH field of REPORT ZONES command is byte. However, current scsi_debug implementation handles it as number of zones to calculate buffer size to report zones. When the ALLOCATION LENGTH has a large number, this results in too large buffer size and causes memory allocation failure. Fix the failure by handling ALLOCATION LENGTH as byte unit. Fixes: f0d1cf9378bd ("scsi: scsi_debug: Add ZBC zone commands") Signed-off-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com> --- drivers/scsi/scsi_debug.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)