RE: [PATCH v2] scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma()

From: Haiyang Zhang
Date: Thu Oct 07 2021 - 14:10:49 EST

Next message: Thierry Reding: "Re: [PATCH] [RESEND] firmware: tegra: reduce stack usage"
Previous message: Richard Palethorpe: "Re: [PATCH v2 2/2] vsock: Enable y2038 safe timeval for timeout"
In reply to: Dexuan Cui: "[PATCH v2] scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma()"
Next in thread: John Garry: "Re: [PATCH v2] scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> -----Original Message-----
> From: Dexuan Cui <decui@xxxxxxxxxxxxx>
> Sent: Thursday, October 7, 2021 1:50 PM
> To: KY Srinivasan <kys@xxxxxxxxxxxxx>; Stephen Hemminger
> <sthemmin@xxxxxxxxxxxxx>; wei.liu@xxxxxxxxxx; jejb@xxxxxxxxxxxxx;
> martin.petersen@xxxxxxxxxx; Haiyang Zhang <haiyangz@xxxxxxxxxxxxx>;
> ming.lei@xxxxxxxxxx; bvanassche@xxxxxxx; john.garry@xxxxxxxxxx; linux-
> scsi@xxxxxxxxxxxxxxx; linux-hyperv@xxxxxxxxxxxxxxx; Long Li
> <longli@xxxxxxxxxxxxx>; Michael Kelley <mikelley@xxxxxxxxxxxxx>
> Cc: linux-kernel@xxxxxxxxxxxxxxx; Dexuan Cui <decui@xxxxxxxxxxxxx>;
> stable@xxxxxxxxxxxxxxx
> Subject: [PATCH v2] scsi: core: Fix shost->cmd_per_lun calculation in
> scsi_add_host_with_dma()
>
> After commit ea2f0f77538c, a 416-CPU VM running on Hyper-V hangs during
> boot because scsi_add_host_with_dma() sets shost->cmd_per_lun to a
> negative number (the below numbers may differ in different kernel
> versions):
> in drivers/scsi/storvsc_drv.c, storvsc_drv_init() sets
> 'max_outstanding_req_per_channel' to 352, and storvsc_probe() sets
> 'max_sub_channels' to (416 - 1) / 4 = 103 and sets scsi_driver.can_queue
> to
> 352 * (103 + 1) * (100 - 10) / 100 = 32947, which exceeds SHRT_MAX.
>
> Use min_t(int, ...) to fix the issue.
>
> Fixes: ea2f0f77538c ("scsi: core: Cap scsi_host cmd_per_lun at
> can_queue")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Dexuan Cui <decui@xxxxxxxxxxxxx>
> ---
>
> v1 tried to fix the issue by changing the storvsc driver:
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flwn.ne
> t%2Fml%2Flinux-
> kernel%2FBYAPR21MB1270BBC14D5F1AE69FC31A16BFB09%40BYAPR21MB1270.namprd21
> .prod.outlook.com%2F&data=04%7C01%7Chaiyangz%40microsoft.com%7C366e6
> d0bf755492c631c08d989baf4b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7
> C637692258384408217%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoi
> V2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=RbNgx1aBBBzfHC3p
> EdKyBZWaaQIQXS3U%2FItEQUe4NfQ%3D&reserved=0
>
> v2 directly fixes the scsi core change instead as Michael Kelley and
> John Garry suggested (refer to the above link).
>
> drivers/scsi/hosts.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/scsi/hosts.c b/drivers/scsi/hosts.c
> index 3f6f14f0cafb..24b72ee4246f 100644
> --- a/drivers/scsi/hosts.c
> +++ b/drivers/scsi/hosts.c
> @@ -220,7 +220,8 @@ int scsi_add_host_with_dma(struct Scsi_Host *shost,
> struct device *dev,
> goto fail;
> }
>
> - shost->cmd_per_lun = min_t(short, shost->cmd_per_lun,
> + /* Use min_t(int, ...) in case shost->can_queue exceeds SHRT_MAX */
> + shost->cmd_per_lun = min_t(int, shost->cmd_per_lun,
> shost->can_queue);

Since shost->can_queue is int, the min_t type should also be int (the
longer type of the two vars).

Reviewed-by: Haiyang Zhang <haiyangz@xxxxxxxxxxxxx>

Next message: Thierry Reding: "Re: [PATCH] [RESEND] firmware: tegra: reduce stack usage"
Previous message: Richard Palethorpe: "Re: [PATCH v2 2/2] vsock: Enable y2038 safe timeval for timeout"
In reply to: Dexuan Cui: "[PATCH v2] scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma()"
Next in thread: John Garry: "Re: [PATCH v2] scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]