www.infradead.org Git - users/willy/xarray.git/commitdiff
scsi: scsi_debug: Fix a warning in resp_write_scat()
author Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Fri, 11 Nov 2022 10:05:25 +0000 (02:05 -0800)
committer Martin K. Petersen <martin.petersen@oracle.com>
Thu, 17 Nov 2022 18:12:21 +0000 (18:12 +0000)
As 'lbdof_blen' is coming from user, if the size in kzalloc() is >=
MAX_ORDER then we hit a warning.

Call trace:

sg_ioctl
 sg_ioctl_common
   scsi_ioctl
    sg_scsi_ioctl
     blk_execute_rq
      blk_mq_sched_insert_request
       blk_mq_run_hw_queue
        __blk_mq_delay_run_hw_queue
         __blk_mq_run_hw_queue
          blk_mq_sched_dispatch_requests
           __blk_mq_sched_dispatch_requests
            blk_mq_dispatch_rq_list
             scsi_queue_rq
              scsi_dispatch_cmd
               scsi_debug_queuecommand
                schedule_resp
                 resp_write_scat

If you try to allocate memory larger than (>=) MAX_ORDER, then kmalloc()
will definitely fail.  It creates a stack trace and messes up dmesg.  The
user controls the size here so if they specify a too large size it will
fail.

Add __GFP_NOWARN in order to avoid too large allocation warning.  This is
detected by static analysis using smatch.

Fixes: 481b5e5c7949 ("scsi: scsi_debug: add resp_write_scat function")
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Link: https://lore.kernel.org/r/20221111100526.1790533-1-harshit.m.mogalapalli@oracle.com
Acked-by: Douglas Gilbert <dgilbert@interlog.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
drivers/scsi/scsi_debug.c

index 697fc57bc711fb0e8492234c5cf65ac90d80b9c9..273224d29ce947cc2b823d54459424d227e37692 100644 (file)
@@ -3778,7 +3778,7 @@ static int resp_write_scat(struct scsi_cmnd *scp,
                mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
                return illegal_condition_result;
        }
-       lrdp = kzalloc(lbdof_blen, GFP_ATOMIC);
+       lrdp = kzalloc(lbdof_blen, GFP_ATOMIC | __GFP_NOWARN);
        if (lrdp == NULL)
                return SCSI_MLQUEUE_HOST_BUSY;
        if (sdebug_verbose)
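
Review bot: at the kzalloc(lbdof_blen, ...) call, __GFP_NOWARN silences the splat, but the user-supplied lbdof_blen still reaches the allocator without an upper bound, and the lrdp == NULL path returns SCSI_MLQUEUE_HOST_BUSY, which tells the mid-layer to requeue a command that, per the commit message, will fail every time when the length is too large. Consider rejecting an oversized lbdof_blen before the allocation, the way the check just above does with mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0) and illegal_condition_result, so the caller gets a definite error instead of a busy status. With the warning suppressed the failure is now silent, so a one-line comment explaining why __GFP_NOWARN is set here (size comes from the CDB) would help the next reader.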