[PATCH] scsi: sd_zbc: Fix sd_zbc_report_zones() buffer allocation

Damien Le Moal <damien.lemoal@xxxxxxx> · Wed, 13 Feb 2019 13:37:42 +0900

From: Masato Suzuki <masato.suzuki@xxxxxxx>

The function sd_zbc_do_report_zones() issues a REPORT ZONES command
with a buffer size calculated based on the number of zones requested
by the caller. This value should however not exceed the capabilities
of the hardware maximum command size, that is, should not exceed the
max_sectors limit of the device. This problem leads to failures of
report zones commands when re-validating disks with some SAS HBAs.

Fix this by limiting a report zone command buffer size to the minimum
of the device max_sectors and calculated value based on the requested
number of zones. This does not change the semantic of the report_zones
file operation as report zones can always return less zone reports
than requested. Short reports are handled using a loop execution of
the report_zones file operation in the function blk_report_zones().

[Damien]
Before commit 'e76239a3748c ("block: add a report_zones method")',
report zones buffer allocation was limited to max_sectors when
allocated in blk_report_zones(). This however does not consider the
actual format of the device reply which is interface dependent.
Limiting the allocation based on the expected reply format rather than
the generic struct blkzone size expected by blk_report_zones() makes
more sense.

Fixes: e76239a3748c ("block: add a report_zones method")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Damien Le Moal <damien.lemoal@xxxxxxx>
Signed-off-by: Masato Suzuki <masato.suzuki@xxxxxxx>
---
 drivers/scsi/sd_zbc.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/drivers/scsi/sd_zbc.c b/drivers/scsi/sd_zbc.c
index fff86940388b..fa75603a4090 100644
--- a/drivers/scsi/sd_zbc.c
+++ b/drivers/scsi/sd_zbc.c
@@ -142,10 +142,12 @@ int sd_zbc_report_zones(struct gendisk *disk, sector_t sector,
 		return -EOPNOTSUPP;
 
 	/*
-	 * Get a reply buffer for the number of requested zones plus a header.
-	 * For ATA, buffers must be aligned to 512B.
+	 * Get a reply buffer for the number of requested zones plus a header,
+	 * without exceeding the device maximum command size. For ATA disks,
+	 * buffers must be aligned to 512B.
 	 */
-	buflen = roundup((nrz + 1) * 64, 512);
+	buflen = min(queue_max_sectors(disk->queue) << 9,
+		     roundup((nrz + 1) * 64, 512));
 	buf = kmalloc(buflen, gfp_mask);
 	if (!buf)
 		return -ENOMEM;
-- 
2.20.1







