scsi: scsi_debug: Fix a warning in resp_write_scat()
[ Upstream commit 216e179724c1d9f57a8ababf8bd7aaabef67f01b ]
As 'lbdof_blen' is coming from user, if the size in kzalloc() is >=
MAX_ORDER then we hit a warning.
Call trace:
sg_ioctl
sg_ioctl_common
scsi_ioctl
sg_scsi_ioctl
blk_execute_rq
blk_mq_sched_insert_request
blk_mq_run_hw_queue
__blk_mq_delay_run_hw_queue
__blk_mq_run_hw_queue
blk_mq_sched_dispatch_requests
__blk_mq_sched_dispatch_requests
blk_mq_dispatch_rq_list
scsi_queue_rq
scsi_dispatch_cmd
scsi_debug_queuecommand
schedule_resp
resp_write_scat
If you try to allocate a memory larger than(>=) MAX_ORDER, then kmalloc()
will definitely fail. It creates a stack trace and messes up dmesg. The
user controls the size here so if they specify a too large size it will
fail.
Add __GFP_NOWARN in order to avoid too large allocation warning. This is
detected by static analysis using smatch.
Fixes: 481b5e5c79
("scsi: scsi_debug: add resp_write_scat function")
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Link: https://lore.kernel.org/r/20221111100526.1790533-1-harshit.m.mogalapalli@oracle.com
Acked-by: Douglas Gilbert <dgilbert@interlog.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
parent
b5848661f1
commit
263d21afba
@ -3139,7 +3139,7 @@ static int resp_write_scat(struct scsi_cmnd *scp,
|
||||
mk_sense_buffer(scp, ILLEGAL_REQUEST, INVALID_FIELD_IN_CDB, 0);
|
||||
return illegal_condition_result;
|
||||
}
|
||||
lrdp = kzalloc(lbdof_blen, GFP_ATOMIC);
|
||||
lrdp = kzalloc(lbdof_blen, GFP_ATOMIC | __GFP_NOWARN);
|
||||
if (lrdp == NULL)
|
||||
return SCSI_MLQUEUE_HOST_BUSY;
|
||||
if (sdebug_verbose)
|
||||
|
Loading…
Reference in New Issue
Block a user