From patchwork Thu Dec 17 20:33:19 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrea Parri X-Patchwork-Id: 11980771 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 85D34C2BBCD for ; Thu, 17 Dec 2020 20:35:02 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 5B34D23A1E for ; Thu, 17 Dec 2020 20:35:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731514AbgLQUec (ORCPT ); Thu, 17 Dec 2020 15:34:32 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36274 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727088AbgLQUeb (ORCPT ); Thu, 17 Dec 2020 15:34:31 -0500 Received: from mail-wr1-x42d.google.com (mail-wr1-x42d.google.com [IPv6:2a00:1450:4864:20::42d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 15E5DC0617A7; Thu, 17 Dec 2020 12:33:51 -0800 (PST) Received: by mail-wr1-x42d.google.com with SMTP id w5so24176125wrm.11; Thu, 17 Dec 2020 12:33:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=D2EkVR3dxU3bZL0ia74uk0mklAzjaKcVTJH27BwnHqA=; b=qNDfI+w1vtEUNGIewrPPL0sxPrUbw/Gafc96TEevd0Z4rkO1F3U9ZHZW6gN9qvKSNr hb5jqTx5WORXv64t6jO1luDSlSL07w3aL73DYjIwWXIUqc6ivcvWneKtTuaMi9unhyYP BOnODLkPq03V8gRmgrMcLkPtY6RWHW67Cgtmc9585mwKqjkKfx4SOVFQW3nggH4ZlXfA hQyqEqk8EhBU8nUH5etHVXmoeNirrTPo2z+TdM08DfZ8FhTGXyk9LinJK3UGbzuJrGyL UTd5kuPCk2YpuwtWWr+2ORBRQty9iwiFrelbJfHFjQ7dbj3q0TOUSeE5gYMEgKoDYFWH J/hg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=D2EkVR3dxU3bZL0ia74uk0mklAzjaKcVTJH27BwnHqA=; b=rxPDy5NCyvuU1bX+CmMJUDh3/2PydBLwheGDuvIgCCvk9fcof8y+hxvhFNxroLOfjp 7E6UrZryhetTXNZg6heYw4SDU+eFuEQKiYHQiY8WppPmRJcfDR7FuWDKq2U/gZtJSu0Z XQAYqNYPQzYZD6IufJNQ1z6G5HQkjZ3IRllguDMBDB8gDxr9eJiKkHzPnA1VQ1sB1jwZ dk5qt11k8OulwsReLbYnudnV6TjjWgKU2CDzDBT2/hV6LMs4F9Ez4Vg/IRgMZc6VpRWs 9hWXT9zKWllwfRxJhpeb3mWdy71AKg9GbujkAamWABl0CTA9K3stKngEPfNdF0h2mPLJ xiYg== X-Gm-Message-State: AOAM5314DCKtD3hxfl8PTgwKNRjfQOzTgnaA7atflvdxpFzRgy9KIlj/ 5QUmfKh4+LOaHgV9citMsFaGlA1E6Ke/2TPe X-Google-Smtp-Source: ABdhPJwIPo6y7byUWOne15a0dLqXv8x2zFHV6U/0dtBbvNOVSsOpQaERlAWbFcVuD+KqnkLhGIZnCg== X-Received: by 2002:adf:f0d0:: with SMTP id x16mr655177wro.162.1608237229537; Thu, 17 Dec 2020 12:33:49 -0800 (PST) Received: from localhost.localdomain (host-95-239-64-30.retail.telecomitalia.it. [95.239.64.30]) by smtp.gmail.com with ESMTPSA id a62sm11729128wmh.40.2020.12.17.12.33.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 17 Dec 2020 12:33:49 -0800 (PST) From: "Andrea Parri (Microsoft)" To: linux-kernel@vger.kernel.org, linux-hyperv@vger.kernel.org Cc: "K . Y . Srinivasan" , Haiyang Zhang , Stephen Hemminger , Wei Liu , Dexuan Cui , Michael Kelley , Saruhan Karademir , Juan Vazquez , "Andrea Parri (Microsoft)" , "James E.J. Bottomley" , "Martin K. Petersen" , linux-scsi@vger.kernel.org Subject: [PATCH 1/3] scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer Date: Thu, 17 Dec 2020 21:33:19 +0100 Message-Id: <20201217203321.4539-2-parri.andrea@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20201217203321.4539-1-parri.andrea@gmail.com> References: <20201217203321.4539-1-parri.andrea@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-scsi@vger.kernel.org Current code overestimates the value of max_outstanding_req_per_channel for Win8 and newer hosts, since vmscsi_size_delta is set to the initial value of sizeof(vmscsi_win8_extension) rather than zero. This may lead to wrong decisions when using ring_avail_percent_lowater equals to zero. The estimate of max_outstanding_req_per_channel is 'exact' for Win7 and older hosts. A better choice, keeping the algorithm for the estimation simple, is to err the other way around, i.e., to underestimate for Win7 and older but to use the exact value for Win8 and newer. Suggested-by: Dexuan Cui Signed-off-by: Andrea Parri (Microsoft) Cc: "James E.J. Bottomley" Cc: "Martin K. Petersen" Cc: linux-scsi@vger.kernel.org Reviewed-by: Dexuan Cui Reviewed-by: Michael Kelley --- drivers/scsi/storvsc_drv.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/storvsc_drv.c b/drivers/scsi/storvsc_drv.c index ded00a89bfc4e..64298aa2f151e 100644 --- a/drivers/scsi/storvsc_drv.c +++ b/drivers/scsi/storvsc_drv.c @@ -2141,12 +2141,15 @@ static int __init storvsc_drv_init(void) * than the ring buffer size since that page is reserved for * the ring buffer indices) by the max request size (which is * vmbus_channel_packet_multipage_buffer + struct vstor_packet + u64) + * + * The computation underestimates max_outstanding_req_per_channel + * for Win7 and older hosts because it does not take into account + * the vmscsi_size_delta correction to the max request size. */ max_outstanding_req_per_channel = ((storvsc_ringbuffer_size - PAGE_SIZE) / ALIGN(MAX_MULTIPAGE_BUFFER_PACKET + - sizeof(struct vstor_packet) + sizeof(u64) - - vmscsi_size_delta, + sizeof(struct vstor_packet) + sizeof(u64), sizeof(u64))); #if IS_ENABLED(CONFIG_SCSI_FC_ATTRS) From patchwork Thu Dec 17 20:33:20 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrea Parri X-Patchwork-Id: 11980773 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 06198C2D0E4 for ; Thu, 17 Dec 2020 20:35:03 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id D4668239FE for ; Thu, 17 Dec 2020 20:35:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731558AbgLQUee (ORCPT ); Thu, 17 Dec 2020 15:34:34 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36282 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731551AbgLQUed (ORCPT ); Thu, 17 Dec 2020 15:34:33 -0500 Received: from mail-wr1-x436.google.com (mail-wr1-x436.google.com [IPv6:2a00:1450:4864:20::436]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 53AF2C0617B0; Thu, 17 Dec 2020 12:33:53 -0800 (PST) Received: by mail-wr1-x436.google.com with SMTP id m5so27885382wrx.9; Thu, 17 Dec 2020 12:33:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=JLhYv2plnIrynx5NUImRq2YwHRg3JhpcreVENKeT2U4=; b=jg92lS2PeB9kHQTADGed6FWU0rgQn4s0I7NcmsvHN6kzD8p/BCJW46DWUKr/zTOfwX xytDGg+5trVGzrmCwx1d8itL0lT6hLbAlJyS/krxW0Ed4IZCwbflVMnaAUOMa1jW9aI5 IWz66EQgfxIOnd+YmhZa/nLqoGA9k3qIe67hT8PmS6hO3EuFRehl59wE44PEvt1yWQo2 tvV8+yN/tv8c4zHyk6g9bhzS5R9T2bpFpIa0OzQBdCI6laWeXWwXN0pLQoHeuMoJwmQl C6JYG+03XqItTdLlLKXdoFpL4kPu7NvbOCL4hMxWLCZ9MsFy5eEOrbkMc+kSqblTBPWw Pk3A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=JLhYv2plnIrynx5NUImRq2YwHRg3JhpcreVENKeT2U4=; b=amSgmya//sOXMp+Rtxnnz0Qo3oFblQC8mWmWptLeb+RT742l7lTX2dWuDQK4GPUyQG JQ5CiiKBgrR6QW0Of7iIH9+41lm5hY+4TH1ccA8QVivP6+6dLnlA8HyIOIBhlTKMu+w9 FDhFUF4RQ2eHWNP0sbvYFEpXP7ZPHE1xMx6yoc4sG7Umzb/ABtD805oJG8sgPr2fF3uK 7gNYwomv6OkoEle6bXmlAqbo6F/o0xfcu/sO0EGSOIiu7i+dLRFptAte6yNoa/XIDia4 sY0ntDBn+BLol7p3cfiIom3WOIxb5B5C37vzfmv7tgVp9DAjgVK8BonTQBXohSlWKaDQ 1Xig== X-Gm-Message-State: AOAM532XJkhqcyzXKQeO0Kv8tuKJxjuJypsMHi3Lf8FgV2c8IUWLWnX5 BFXQ0qTdDQJX2FufeqgoKEw+T0N4siSygXLI X-Google-Smtp-Source: ABdhPJx6x4tfp0LLbcj7I/I68ZJumrdIOU3ISdG25sz2Eb0CHZbY6PO+R6W88RZcgr7uJcb30xaR6Q== X-Received: by 2002:a5d:6888:: with SMTP id h8mr638542wru.268.1608237231730; Thu, 17 Dec 2020 12:33:51 -0800 (PST) Received: from localhost.localdomain (host-95-239-64-30.retail.telecomitalia.it. [95.239.64.30]) by smtp.gmail.com with ESMTPSA id a62sm11729128wmh.40.2020.12.17.12.33.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 17 Dec 2020 12:33:51 -0800 (PST) From: "Andrea Parri (Microsoft)" To: linux-kernel@vger.kernel.org, linux-hyperv@vger.kernel.org Cc: "K . Y . Srinivasan" , Haiyang Zhang , Stephen Hemminger , Wei Liu , Dexuan Cui , Michael Kelley , Saruhan Karademir , Juan Vazquez , "Andrea Parri (Microsoft)" , "James E.J. Bottomley" , "Martin K. Petersen" , linux-scsi@vger.kernel.org Subject: [PATCH 2/3] scsi: storvsc: Resolve data race in storvsc_probe() Date: Thu, 17 Dec 2020 21:33:20 +0100 Message-Id: <20201217203321.4539-3-parri.andrea@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20201217203321.4539-1-parri.andrea@gmail.com> References: <20201217203321.4539-1-parri.andrea@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-scsi@vger.kernel.org vmscsi_size_delta can be written concurrently by multiple instances of storvsc_probe(), corresponding to multiple synthetic IDE/SCSI devices; cf. storvsc_drv's probe_type == PROBE_PREFER_ASYNCHRONOUS. Change the global variable vmscsi_size_delta to per-synthetic-IDE/SCSI-device. Suggested-by: Dexuan Cui Signed-off-by: Andrea Parri (Microsoft) Cc: "James E.J. Bottomley" Cc: "Martin K. Petersen" Cc: linux-scsi@vger.kernel.org Reviewed-by: Dexuan Cui Reviewed-by: Michael Kelley --- drivers/scsi/storvsc_drv.c | 45 +++++++++++++++++++++----------------- 1 file changed, 25 insertions(+), 20 deletions(-) diff --git a/drivers/scsi/storvsc_drv.c b/drivers/scsi/storvsc_drv.c index 64298aa2f151e..8714355cb63e7 100644 --- a/drivers/scsi/storvsc_drv.c +++ b/drivers/scsi/storvsc_drv.c @@ -216,18 +216,6 @@ struct vmscsi_request { } __attribute((packed)); - -/* - * The size of the vmscsi_request has changed in win8. The - * additional size is because of new elements added to the - * structure. These elements are valid only when we are talking - * to a win8 host. - * Track the correction to size we need to apply. This value - * will likely change during protocol negotiation but it is - * valid to start by assuming pre-Win8. - */ -static int vmscsi_size_delta = sizeof(struct vmscsi_win8_extension); - /* * The list of storage protocols in order of preference. */ @@ -449,6 +437,17 @@ struct storvsc_device { unsigned char path_id; unsigned char target_id; + /* + * The size of the vmscsi_request has changed in win8. The + * additional size is because of new elements added to the + * structure. These elements are valid only when we are talking + * to a win8 host. + * Track the correction to size we need to apply. This value + * will likely change during protocol negotiation but it is + * valid to start by assuming pre-Win8. + */ + int vmscsi_size_delta; + /* * Max I/O, the device can support. */ @@ -762,7 +761,7 @@ static void handle_multichannel_storage(struct hv_device *device, int max_chns) ret = vmbus_sendpacket(device->channel, vstor_packet, (sizeof(struct vstor_packet) - - vmscsi_size_delta), + stor_device->vmscsi_size_delta), (unsigned long)request, VM_PKT_DATA_INBAND, VMBUS_DATA_PACKET_FLAG_COMPLETION_REQUESTED); @@ -816,9 +815,14 @@ static int storvsc_execute_vstor_op(struct hv_device *device, struct storvsc_cmd_request *request, bool status_check) { + struct storvsc_device *stor_device; struct vstor_packet *vstor_packet; int ret, t; + stor_device = get_out_stor_device(device); + if (!stor_device) + return -ENODEV; + vstor_packet = &request->vstor_packet; init_completion(&request->wait_event); @@ -826,7 +830,7 @@ static int storvsc_execute_vstor_op(struct hv_device *device, ret = vmbus_sendpacket(device->channel, vstor_packet, (sizeof(struct vstor_packet) - - vmscsi_size_delta), + stor_device->vmscsi_size_delta), (unsigned long)request, VM_PKT_DATA_INBAND, VMBUS_DATA_PACKET_FLAG_COMPLETION_REQUESTED); @@ -903,7 +907,7 @@ static int storvsc_channel_init(struct hv_device *device, bool is_fc) sense_buffer_size = vmstor_protocols[i].sense_buffer_size; - vmscsi_size_delta = + stor_device->vmscsi_size_delta = vmstor_protocols[i].vmscsi_size_delta; break; @@ -1249,7 +1253,7 @@ static void storvsc_on_channel_callback(void *context) if (request == &stor_device->init_request || request == &stor_device->reset_request) { memcpy(&request->vstor_packet, packet, - (sizeof(struct vstor_packet) - vmscsi_size_delta)); + (sizeof(struct vstor_packet) - stor_device->vmscsi_size_delta)); complete(&request->wait_event); } else { storvsc_on_receive(stor_device, packet, request); @@ -1461,7 +1465,7 @@ static int storvsc_do_io(struct hv_device *device, vstor_packet->flags |= REQUEST_COMPLETION_FLAG; vstor_packet->vm_srb.length = (sizeof(struct vmscsi_request) - - vmscsi_size_delta); + stor_device->vmscsi_size_delta); vstor_packet->vm_srb.sense_info_length = sense_buffer_size; @@ -1478,12 +1482,12 @@ static int storvsc_do_io(struct hv_device *device, request->payload, request->payload_sz, vstor_packet, (sizeof(struct vstor_packet) - - vmscsi_size_delta), + stor_device->vmscsi_size_delta), (unsigned long)request); } else { ret = vmbus_sendpacket(outgoing_channel, vstor_packet, (sizeof(struct vstor_packet) - - vmscsi_size_delta), + stor_device->vmscsi_size_delta), (unsigned long)request, VM_PKT_DATA_INBAND, VMBUS_DATA_PACKET_FLAG_COMPLETION_REQUESTED); @@ -1589,7 +1593,7 @@ static int storvsc_host_reset_handler(struct scsi_cmnd *scmnd) ret = vmbus_sendpacket(device->channel, vstor_packet, (sizeof(struct vstor_packet) - - vmscsi_size_delta), + stor_device->vmscsi_size_delta), (unsigned long)&stor_device->reset_request, VM_PKT_DATA_INBAND, VMBUS_DATA_PACKET_FLAG_COMPLETION_REQUESTED); @@ -1939,6 +1943,7 @@ static int storvsc_probe(struct hv_device *device, init_waitqueue_head(&stor_device->waiting_to_drain); stor_device->device = device; stor_device->host = host; + stor_device->vmscsi_size_delta = sizeof(struct vmscsi_win8_extension); spin_lock_init(&stor_device->lock); hv_set_drvdata(device, stor_device); From patchwork Thu Dec 17 20:33:21 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrea Parri X-Patchwork-Id: 11980775 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4389EC3526D for ; Thu, 17 Dec 2020 20:35:03 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 18083239FE for ; Thu, 17 Dec 2020 20:35:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731600AbgLQUeg (ORCPT ); Thu, 17 Dec 2020 15:34:36 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36290 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731595AbgLQUef (ORCPT ); Thu, 17 Dec 2020 15:34:35 -0500 Received: from mail-wm1-x331.google.com (mail-wm1-x331.google.com [IPv6:2a00:1450:4864:20::331]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 484DFC06138C; Thu, 17 Dec 2020 12:33:55 -0800 (PST) Received: by mail-wm1-x331.google.com with SMTP id r4so163543wmh.5; Thu, 17 Dec 2020 12:33:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=gQGWPM/sf8+J1RLMjv3ZaWA/7DvHetdsTdc1DOQtFJQ=; b=qQikXu51Qi9p3EQTAoWNtLzcEEHx9Kz0wZB/60aM5LTsJCBfmY6s87JDfUxpYcF5Cm U1sIg7LPP64Rn1Ox2oOwk8xsX4H47lWqfM9K95gsaz96Onhi/hWiRDXiCNqP3AoWBNZm XeZnXJMbAy/tkoIpb7DcKMJnIjSkz54Rvm19/BdeTj5HW6fflJf05Yt5CcN+811CS2x6 1N1KQo9awFYDJvAqDDIjJmbAaqZ3VaYg3cnzGfTQDFGKblBXTl0qAU0TQpbJAI+4Wf54 wtx94CGODvCKpaY9PJWPZeYaz/42GwxhSIaGI/HoLkinsD4rvyJx6tIiMvIXJaAekrpr k+kg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=gQGWPM/sf8+J1RLMjv3ZaWA/7DvHetdsTdc1DOQtFJQ=; b=GQnSiu5jwwEXsx794a4EYLK1R9wq9qdL7JimL3GxKi+jt8mqLmsKf/G+UuMieBUXRx IZJu16rqxqXObpt3jsQMNTbpSDTQVwH+1PSetctNTbYGZvdepn9aSnh+BFFuGuJbOAoJ jS5R/30k8x9Q8iY3g2F/GzznJjxBlo9iKLQPGCcZF48i3njhhHNVIN3ab95hvMu28MBd OL9P5CptlJWQrPGU8MTF9WdSKcAACtVCcx0vtyCezKz1uHuL8JSVQgQR7HuF3PTr4EhS Bd0cXA5tvCWTydTEnD9nnq4NkcYpDWuZxqGQdkA2r/hR+bvYbJbku91KyiZ0Mg0PeHkq 1d8Q== X-Gm-Message-State: AOAM531Qet9EQSFA+ReI+4/9yXqM15/YMbrpljnxNEqTGp8N1FDflRGh 23CQH6SDlXZjD6FwRr3TOfWIEqvOrtYbvd79 X-Google-Smtp-Source: ABdhPJzHhkG60AUjmunNTz3OqiaOhMWdwUPpzrmUPPmz9Ttw2uRDJTCtpDLdFCTPRlwZsVlESFHdVw== X-Received: by 2002:a1c:770d:: with SMTP id t13mr1036395wmi.153.1608237233745; Thu, 17 Dec 2020 12:33:53 -0800 (PST) Received: from localhost.localdomain (host-95-239-64-30.retail.telecomitalia.it. [95.239.64.30]) by smtp.gmail.com with ESMTPSA id a62sm11729128wmh.40.2020.12.17.12.33.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 17 Dec 2020 12:33:53 -0800 (PST) From: "Andrea Parri (Microsoft)" To: linux-kernel@vger.kernel.org, linux-hyperv@vger.kernel.org Cc: "K . Y . Srinivasan" , Haiyang Zhang , Stephen Hemminger , Wei Liu , Dexuan Cui , Michael Kelley , Saruhan Karademir , Juan Vazquez , "Andrea Parri (Microsoft)" , "James E.J. Bottomley" , "Martin K. Petersen" , linux-scsi@vger.kernel.org Subject: [PATCH 3/3] scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() Date: Thu, 17 Dec 2020 21:33:21 +0100 Message-Id: <20201217203321.4539-4-parri.andrea@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20201217203321.4539-1-parri.andrea@gmail.com> References: <20201217203321.4539-1-parri.andrea@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-scsi@vger.kernel.org Check that the packet is of the expected size at least, don't copy data past the packet. Reported-by: Saruhan Karademir Signed-off-by: Andrea Parri (Microsoft) Cc: "James E.J. Bottomley" Cc: "Martin K. Petersen" Cc: linux-scsi@vger.kernel.org Reviewed-by: Dexuan Cui Reviewed-by: Michael Kelley --- drivers/scsi/storvsc_drv.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/scsi/storvsc_drv.c b/drivers/scsi/storvsc_drv.c index 8714355cb63e7..4b8bde2750fac 100644 --- a/drivers/scsi/storvsc_drv.c +++ b/drivers/scsi/storvsc_drv.c @@ -1250,6 +1250,12 @@ static void storvsc_on_channel_callback(void *context) request = (struct storvsc_cmd_request *) ((unsigned long)desc->trans_id); + if (hv_pkt_datalen(desc) < sizeof(struct vstor_packet) - + stor_device->vmscsi_size_delta) { + dev_err(&device->device, "Invalid packet len\n"); + continue; + } + if (request == &stor_device->init_request || request == &stor_device->reset_request) { memcpy(&request->vstor_packet, packet,