* [PATCH] scsi: scsi_debug: Fix buffer size of REPORT ZONES command
@ 2021-12-06 12:29 Shin'ichiro Kawasaki
2021-12-06 13:35 ` Damien Le Moal
0 siblings, 1 reply; 3+ messages in thread
From: Shin'ichiro Kawasaki @ 2021-12-06 12:29 UTC (permalink / raw)
To: linux-scsi
Cc: Martin K . Petersen, Douglas Gilbert, Damien Le Moal,
Shinichiro Kawasaki
According to ZBC and SPC specifications, the unit of ALLOCATION LENGTH
field of REPORT ZONES command is byte. However, current scsi_debug
implementation handles it as number of zones to calculate buffer size to
report zones. When the ALLOCATION LENGTH has a large number, this
results in too large buffer size and causes memory allocation failure.
Fix the failure by handling ALLOCATION LENGTH as byte unit.
Fixes: f0d1cf9378bd ("scsi: scsi_debug: Add ZBC zone commands")
Signed-off-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
---
drivers/scsi/scsi_debug.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c
index 3c0da3770edf..74513129b36d 100644
--- a/drivers/scsi/scsi_debug.c
+++ b/drivers/scsi/scsi_debug.c
@@ -4342,7 +4342,7 @@ static int resp_report_zones(struct scsi_cmnd *scp,
rep_max_zones = min((alloc_len - 64) >> ilog2(RZONES_DESC_HD),
max_zones);
- arr = kcalloc(RZONES_DESC_HD, alloc_len, GFP_ATOMIC);
+ arr = kcalloc(1, alloc_len, GFP_ATOMIC);
if (!arr) {
mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
INSUFF_RES_ASCQ);
--
2.33.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] scsi: scsi_debug: Fix buffer size of REPORT ZONES command
2021-12-06 12:29 [PATCH] scsi: scsi_debug: Fix buffer size of REPORT ZONES command Shin'ichiro Kawasaki
@ 2021-12-06 13:35 ` Damien Le Moal
2021-12-07 0:54 ` Shinichiro Kawasaki
0 siblings, 1 reply; 3+ messages in thread
From: Damien Le Moal @ 2021-12-06 13:35 UTC (permalink / raw)
To: Shin'ichiro Kawasaki, linux-scsi; +Cc: Martin K . Petersen, Douglas Gilbert
On 2021/12/06 21:29, Shin'ichiro Kawasaki wrote:
> According to ZBC and SPC specifications, the unit of ALLOCATION LENGTH
> field of REPORT ZONES command is byte. However, current scsi_debug
> implementation handles it as number of zones to calculate buffer size to
> report zones. When the ALLOCATION LENGTH has a large number, this
> results in too large buffer size and causes memory allocation failure.
> Fix the failure by handling ALLOCATION LENGTH as byte unit.
>
> Fixes: f0d1cf9378bd ("scsi: scsi_debug: Add ZBC zone commands")
> Signed-off-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
> ---
> drivers/scsi/scsi_debug.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c
> index 3c0da3770edf..74513129b36d 100644
> --- a/drivers/scsi/scsi_debug.c
> +++ b/drivers/scsi/scsi_debug.c
> @@ -4342,7 +4342,7 @@ static int resp_report_zones(struct scsi_cmnd *scp,
> rep_max_zones = min((alloc_len - 64) >> ilog2(RZONES_DESC_HD),
> max_zones);
>
> - arr = kcalloc(RZONES_DESC_HD, alloc_len, GFP_ATOMIC);
> + arr = kcalloc(1, alloc_len, GFP_ATOMIC);
Then maybe use kzalloc here ? No need for kcalloc...
> if (!arr) {
> mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
> INSUFF_RES_ASCQ);
>
--
Damien Le Moal
Western Digital Research
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] scsi: scsi_debug: Fix buffer size of REPORT ZONES command
2021-12-06 13:35 ` Damien Le Moal
@ 2021-12-07 0:54 ` Shinichiro Kawasaki
0 siblings, 0 replies; 3+ messages in thread
From: Shinichiro Kawasaki @ 2021-12-07 0:54 UTC (permalink / raw)
To: Damien Le Moal; +Cc: linux-scsi, Martin K . Petersen, Douglas Gilbert
On Dec 06, 2021 / 22:35, Damien Le Moal wrote:
> On 2021/12/06 21:29, Shin'ichiro Kawasaki wrote:
> > According to ZBC and SPC specifications, the unit of ALLOCATION LENGTH
> > field of REPORT ZONES command is byte. However, current scsi_debug
> > implementation handles it as number of zones to calculate buffer size to
> > report zones. When the ALLOCATION LENGTH has a large number, this
> > results in too large buffer size and causes memory allocation failure.
> > Fix the failure by handling ALLOCATION LENGTH as byte unit.
> >
> > Fixes: f0d1cf9378bd ("scsi: scsi_debug: Add ZBC zone commands")
> > Signed-off-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
> > ---
> > drivers/scsi/scsi_debug.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c
> > index 3c0da3770edf..74513129b36d 100644
> > --- a/drivers/scsi/scsi_debug.c
> > +++ b/drivers/scsi/scsi_debug.c
> > @@ -4342,7 +4342,7 @@ static int resp_report_zones(struct scsi_cmnd *scp,
> > rep_max_zones = min((alloc_len - 64) >> ilog2(RZONES_DESC_HD),
> > max_zones);
> >
> > - arr = kcalloc(RZONES_DESC_HD, alloc_len, GFP_ATOMIC);
> > + arr = kcalloc(1, alloc_len, GFP_ATOMIC);
>
> Then maybe use kzalloc here ? No need for kcalloc...
Indeed. Will post v2.
--
Best Regards,
Shin'ichiro Kawasaki
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-12-07 0:54 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-06 12:29 [PATCH] scsi: scsi_debug: Fix buffer size of REPORT ZONES command Shin'ichiro Kawasaki
2021-12-06 13:35 ` Damien Le Moal
2021-12-07 0:54 ` Shinichiro Kawasaki
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.