scsi: scsi_debug: Fix a warning in resp_report_zones()

Message ID 20221112070612.2121535-1-harshit.m.mogalapalli@oracle.com
State New
Headers
Series scsi: scsi_debug: Fix a warning in resp_report_zones() |

Commit Message

Harshit Mogalapalli Nov. 12, 2022, 7:06 a.m. UTC
  As 'alloc_len' is user controlled data, if user tries to allocate memory
larger than(>=) MAX_ORDER, then kcalloc() will fail, it creates a stack
trace and messes up dmesg with a warning.

Add __GFP_NOWARN in order to avoid too large allocation warning.
This is detected by static analysis using smatch.

Fixes: 7db0e0c8190a ("scsi: scsi_debug: Fix buffer size of REPORT ZONES command")
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
---
 drivers/scsi/scsi_debug.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
  

Comments

Martin K. Petersen Nov. 26, 2022, 12:20 a.m. UTC | #1
Harshit,

> As 'alloc_len' is user controlled data, if user tries to allocate memory
> larger than(>=) MAX_ORDER, then kcalloc() will fail, it creates a stack
> trace and messes up dmesg with a warning.

Applied to 6.2/scsi-staging, thanks!
  
Martin K. Petersen Dec. 1, 2022, 3:45 a.m. UTC | #2
On Fri, 11 Nov 2022 23:06:12 -0800, Harshit Mogalapalli wrote:

> As 'alloc_len' is user controlled data, if user tries to allocate memory
> larger than(>=) MAX_ORDER, then kcalloc() will fail, it creates a stack
> trace and messes up dmesg with a warning.
> 
> Add __GFP_NOWARN in order to avoid too large allocation warning.
> This is detected by static analysis using smatch.
> 
> [...]

Applied to 6.2/scsi-queue, thanks!

[1/1] scsi: scsi_debug: Fix a warning in resp_report_zones()
      https://git.kernel.org/mkp/scsi/c/07f2ca139d9a
  

Patch

diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c
index 697fc57bc711..eaa726654be2 100644
--- a/drivers/scsi/scsi_debug.c
+++ b/drivers/scsi/scsi_debug.c
@@ -4497,7 +4497,7 @@  static int resp_report_zones(struct scsi_cmnd *scp,
 
 	rep_max_zones = (alloc_len - 64) >> ilog2(RZONES_DESC_HD);
 
-	arr = kzalloc(alloc_len, GFP_ATOMIC);
+	arr = kzalloc(alloc_len, GFP_ATOMIC | __GFP_NOWARN);
 	if (!arr) {
 		mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
 				INSUFF_RES_ASCQ);