All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] scsi: scsi_debug: Fix buffer size of REPORT ZONES command
@ 2021-12-06 12:29 Shin'ichiro Kawasaki
  2021-12-06 13:35 ` Damien Le Moal
  0 siblings, 1 reply; 3+ messages in thread
From: Shin'ichiro Kawasaki @ 2021-12-06 12:29 UTC (permalink / raw)
  To: linux-scsi
  Cc: Martin K . Petersen, Douglas Gilbert, Damien Le Moal,
	Shinichiro Kawasaki

According to ZBC and SPC specifications, the unit of ALLOCATION LENGTH
field of REPORT ZONES command is byte. However, current scsi_debug
implementation handles it as number of zones to calculate buffer size to
report zones. When the ALLOCATION LENGTH has a large number, this
results in too large buffer size and causes memory allocation failure.
Fix the failure by handling ALLOCATION LENGTH as byte unit.

Fixes: f0d1cf9378bd ("scsi: scsi_debug: Add ZBC zone commands")
Signed-off-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
---
 drivers/scsi/scsi_debug.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c
index 3c0da3770edf..74513129b36d 100644
--- a/drivers/scsi/scsi_debug.c
+++ b/drivers/scsi/scsi_debug.c
@@ -4342,7 +4342,7 @@ static int resp_report_zones(struct scsi_cmnd *scp,
 	rep_max_zones = min((alloc_len - 64) >> ilog2(RZONES_DESC_HD),
 			    max_zones);
 
-	arr = kcalloc(RZONES_DESC_HD, alloc_len, GFP_ATOMIC);
+	arr = kcalloc(1, alloc_len, GFP_ATOMIC);
 	if (!arr) {
 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
 				INSUFF_RES_ASCQ);
-- 
2.33.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] scsi: scsi_debug: Fix buffer size of REPORT ZONES command
  2021-12-06 12:29 [PATCH] scsi: scsi_debug: Fix buffer size of REPORT ZONES command Shin'ichiro Kawasaki
@ 2021-12-06 13:35 ` Damien Le Moal
  2021-12-07  0:54   ` Shinichiro Kawasaki
  0 siblings, 1 reply; 3+ messages in thread
From: Damien Le Moal @ 2021-12-06 13:35 UTC (permalink / raw)
  To: Shin'ichiro Kawasaki, linux-scsi; +Cc: Martin K . Petersen, Douglas Gilbert

On 2021/12/06 21:29, Shin'ichiro Kawasaki wrote:
> According to ZBC and SPC specifications, the unit of ALLOCATION LENGTH
> field of REPORT ZONES command is byte. However, current scsi_debug
> implementation handles it as number of zones to calculate buffer size to
> report zones. When the ALLOCATION LENGTH has a large number, this
> results in too large buffer size and causes memory allocation failure.
> Fix the failure by handling ALLOCATION LENGTH as byte unit.
> 
> Fixes: f0d1cf9378bd ("scsi: scsi_debug: Add ZBC zone commands")
> Signed-off-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
> ---
>  drivers/scsi/scsi_debug.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c
> index 3c0da3770edf..74513129b36d 100644
> --- a/drivers/scsi/scsi_debug.c
> +++ b/drivers/scsi/scsi_debug.c
> @@ -4342,7 +4342,7 @@ static int resp_report_zones(struct scsi_cmnd *scp,
>  	rep_max_zones = min((alloc_len - 64) >> ilog2(RZONES_DESC_HD),
>  			    max_zones);
>  
> -	arr = kcalloc(RZONES_DESC_HD, alloc_len, GFP_ATOMIC);
> +	arr = kcalloc(1, alloc_len, GFP_ATOMIC);

Then maybe use kzalloc here ? No need for kcalloc...

>  	if (!arr) {
>  		mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
>  				INSUFF_RES_ASCQ);
> 


-- 
Damien Le Moal
Western Digital Research

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] scsi: scsi_debug: Fix buffer size of REPORT ZONES command
  2021-12-06 13:35 ` Damien Le Moal
@ 2021-12-07  0:54   ` Shinichiro Kawasaki
  0 siblings, 0 replies; 3+ messages in thread
From: Shinichiro Kawasaki @ 2021-12-07  0:54 UTC (permalink / raw)
  To: Damien Le Moal; +Cc: linux-scsi, Martin K . Petersen, Douglas Gilbert

On Dec 06, 2021 / 22:35, Damien Le Moal wrote:
> On 2021/12/06 21:29, Shin'ichiro Kawasaki wrote:
> > According to ZBC and SPC specifications, the unit of ALLOCATION LENGTH
> > field of REPORT ZONES command is byte. However, current scsi_debug
> > implementation handles it as number of zones to calculate buffer size to
> > report zones. When the ALLOCATION LENGTH has a large number, this
> > results in too large buffer size and causes memory allocation failure.
> > Fix the failure by handling ALLOCATION LENGTH as byte unit.
> > 
> > Fixes: f0d1cf9378bd ("scsi: scsi_debug: Add ZBC zone commands")
> > Signed-off-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
> > ---
> >  drivers/scsi/scsi_debug.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c
> > index 3c0da3770edf..74513129b36d 100644
> > --- a/drivers/scsi/scsi_debug.c
> > +++ b/drivers/scsi/scsi_debug.c
> > @@ -4342,7 +4342,7 @@ static int resp_report_zones(struct scsi_cmnd *scp,
> >  	rep_max_zones = min((alloc_len - 64) >> ilog2(RZONES_DESC_HD),
> >  			    max_zones);
> >  
> > -	arr = kcalloc(RZONES_DESC_HD, alloc_len, GFP_ATOMIC);
> > +	arr = kcalloc(1, alloc_len, GFP_ATOMIC);
> 
> Then maybe use kzalloc here ? No need for kcalloc...

Indeed. Will post v2.

-- 
Best Regards,
Shin'ichiro Kawasaki

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-12-07  0:54 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-06 12:29 [PATCH] scsi: scsi_debug: Fix buffer size of REPORT ZONES command Shin'ichiro Kawasaki
2021-12-06 13:35 ` Damien Le Moal
2021-12-07  0:54   ` Shinichiro Kawasaki

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.