All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH v2] scsi: scsi_debug: Fix buffer size of REPORT ZONES command
@ 2021-12-07  1:06 Shin'ichiro Kawasaki
  2021-12-07  2:01 ` Damien Le Moal
  2021-12-07  3:45 ` Martin K. Petersen
  0 siblings, 2 replies; 3+ messages in thread
From: Shin'ichiro Kawasaki @ 2021-12-07  1:06 UTC (permalink / raw)
  To: linux-scsi
  Cc: Martin K . Petersen, Douglas Gilbert, Damien Le Moal,
	Shinichiro Kawasaki

According to ZBC and SPC specifications, the unit of ALLOCATION LENGTH
field of REPORT ZONES command is byte. However, current scsi_debug
implementation handles it as number of zones to calculate buffer size to
report zones. When the ALLOCATION LENGTH has a large number, this
results in too large buffer size and causes memory allocation failure.
Fix the failure by handling ALLOCATION LENGTH as byte unit.

Fixes: f0d1cf9378bd ("scsi: scsi_debug: Add ZBC zone commands")
Signed-off-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
---
Changes from v1:
* Use kzalloc in place of kcalloc

 drivers/scsi/scsi_debug.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c
index 3c0da3770edf..2104973a35cd 100644
--- a/drivers/scsi/scsi_debug.c
+++ b/drivers/scsi/scsi_debug.c
@@ -4342,7 +4342,7 @@ static int resp_report_zones(struct scsi_cmnd *scp,
 	rep_max_zones = min((alloc_len - 64) >> ilog2(RZONES_DESC_HD),
 			    max_zones);
 
-	arr = kcalloc(RZONES_DESC_HD, alloc_len, GFP_ATOMIC);
+	arr = kzalloc(alloc_len, GFP_ATOMIC);
 	if (!arr) {
 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
 				INSUFF_RES_ASCQ);
-- 
2.33.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH v2] scsi: scsi_debug: Fix buffer size of REPORT ZONES command
  2021-12-07  1:06 [PATCH v2] scsi: scsi_debug: Fix buffer size of REPORT ZONES command Shin'ichiro Kawasaki
@ 2021-12-07  2:01 ` Damien Le Moal
  2021-12-07  3:45 ` Martin K. Petersen
  1 sibling, 0 replies; 3+ messages in thread
From: Damien Le Moal @ 2021-12-07  2:01 UTC (permalink / raw)
  To: Shin'ichiro Kawasaki, linux-scsi; +Cc: Martin K . Petersen, Douglas Gilbert

On 2021/12/07 10:06, Shin'ichiro Kawasaki wrote:
> According to ZBC and SPC specifications, the unit of ALLOCATION LENGTH
> field of REPORT ZONES command is byte. However, current scsi_debug
> implementation handles it as number of zones to calculate buffer size to
> report zones. When the ALLOCATION LENGTH has a large number, this
> results in too large buffer size and causes memory allocation failure.
> Fix the failure by handling ALLOCATION LENGTH as byte unit.
> 
> Fixes: f0d1cf9378bd ("scsi: scsi_debug: Add ZBC zone commands")
> Signed-off-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
> ---
> Changes from v1:
> * Use kzalloc in place of kcalloc
> 
>  drivers/scsi/scsi_debug.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c
> index 3c0da3770edf..2104973a35cd 100644
> --- a/drivers/scsi/scsi_debug.c
> +++ b/drivers/scsi/scsi_debug.c
> @@ -4342,7 +4342,7 @@ static int resp_report_zones(struct scsi_cmnd *scp,
>  	rep_max_zones = min((alloc_len - 64) >> ilog2(RZONES_DESC_HD),
>  			    max_zones);
>  
> -	arr = kcalloc(RZONES_DESC_HD, alloc_len, GFP_ATOMIC);
> +	arr = kzalloc(alloc_len, GFP_ATOMIC);
>  	if (!arr) {
>  		mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
>  				INSUFF_RES_ASCQ);
> 

Looks good to me.

Reviewed-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>

-- 
Damien Le Moal
Western Digital Research

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH v2] scsi: scsi_debug: Fix buffer size of REPORT ZONES command
  2021-12-07  1:06 [PATCH v2] scsi: scsi_debug: Fix buffer size of REPORT ZONES command Shin'ichiro Kawasaki
  2021-12-07  2:01 ` Damien Le Moal
@ 2021-12-07  3:45 ` Martin K. Petersen
  1 sibling, 0 replies; 3+ messages in thread
From: Martin K. Petersen @ 2021-12-07  3:45 UTC (permalink / raw)
  To: linux-scsi, Shin'ichiro Kawasaki
  Cc: Martin K . Petersen, Damien Le Moal, Douglas Gilbert

On Tue, 7 Dec 2021 10:06:38 +0900, Shin'ichiro Kawasaki wrote:

> According to ZBC and SPC specifications, the unit of ALLOCATION LENGTH
> field of REPORT ZONES command is byte. However, current scsi_debug
> implementation handles it as number of zones to calculate buffer size to
> report zones. When the ALLOCATION LENGTH has a large number, this
> results in too large buffer size and causes memory allocation failure.
> Fix the failure by handling ALLOCATION LENGTH as byte unit.
> 
> [...]

Applied to 5.16/scsi-fixes, thanks!

[1/1] scsi: scsi_debug: Fix buffer size of REPORT ZONES command
      https://git.kernel.org/mkp/scsi/c/7db0e0c8190a

-- 
Martin K. Petersen	Oracle Linux Engineering

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-12-07  3:46 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-07  1:06 [PATCH v2] scsi: scsi_debug: Fix buffer size of REPORT ZONES command Shin'ichiro Kawasaki
2021-12-07  2:01 ` Damien Le Moal
2021-12-07  3:45 ` Martin K. Petersen

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.