[PATCH 4.20 145/183] scsi: sd_zbc: Fix sd_zbc_report_zones() buffer allocation

From: Greg Kroah-Hartman
Date: Mon Feb 25 2019 - 16:37:15 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.20 146/183] RDMA/srp: Rework SCSI device reset handling"
Previous message: Greg Kroah-Hartman: "[PATCH 4.20 144/183] net/mlx5e: XDP, fix redirect resources availability check"
In reply to: Greg Kroah-Hartman: "[PATCH 4.20 144/183] net/mlx5e: XDP, fix redirect resources availability check"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.20 146/183] RDMA/srp: Rework SCSI device reset handling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

4.20-stable review patch. If anyone has any objections, please let me know.

------------------

From: Masato Suzuki <masato.suzuki@xxxxxxx>

commit 515ce60613128be7a176a8b82b20c7624f3b440d upstream.

The function sd_zbc_do_report_zones() issues a REPORT ZONES command with a
buffer size calculated based on the number of zones requested by the
caller. This value should however not exceed the capabilities of the
hardware maximum command size, that is, should not exceed the
max_hw_sectors limit of the device. This problem leads to failures of
report zones commands when re-validating disks with some SAS HBAs.

Fix this by limiting a report zone command buffer size to the minimum of
the device max_hw_sectors and calculated value based on the requested
number of zones. This does not change the semantic of the report_zones file
operation as report zones can always return less zone reports than
requested. Short reports are handled using a loop execution of the
report_zones file operation in the function blk_report_zones().

[Damien]
Before patch 'e76239a3748c ("block: add a report_zones method")', report
zones buffer allocation was limited to max_sectors when allocated in
blk_report_zones(). This however does not consider the actual format of the
device reply which is interface dependent. Limiting the allocation based
on the size of the expected reply format rather than the size of the array
of generic sturct blkzone passed by blk_report_zones() makes more sense.

Fixes: e76239a3748c ("block: add a report_zones method")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Masato Suzuki <masato.suzuki@xxxxxxx>
Signed-off-by: Damien Le Moal <damien.lemoal@xxxxxxx>
Signed-off-by: Martin K. Petersen <martin.petersen@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
drivers/scsi/sd_zbc.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)

--- a/drivers/scsi/sd_zbc.c
+++ b/drivers/scsi/sd_zbc.c
@@ -142,10 +142,12 @@ int sd_zbc_report_zones(struct gendisk *
return -EOPNOTSUPP;

/*
- * Get a reply buffer for the number of requested zones plus a header.
- * For ATA, buffers must be aligned to 512B.
+ * Get a reply buffer for the number of requested zones plus a header,
+ * without exceeding the device maximum command size. For ATA disks,
+ * buffers must be aligned to 512B.
*/
- buflen = roundup((nrz + 1) * 64, 512);
+ buflen = min(queue_max_hw_sectors(disk->queue) << 9,
+ roundup((nrz + 1) * 64, 512));
buf = kmalloc(buflen, gfp_mask);
if (!buf)
return -ENOMEM;

Next message: Greg Kroah-Hartman: "[PATCH 4.20 146/183] RDMA/srp: Rework SCSI device reset handling"
Previous message: Greg Kroah-Hartman: "[PATCH 4.20 144/183] net/mlx5e: XDP, fix redirect resources availability check"
In reply to: Greg Kroah-Hartman: "[PATCH 4.20 144/183] net/mlx5e: XDP, fix redirect resources availability check"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.20 146/183] RDMA/srp: Rework SCSI device reset handling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]