Re: [PATCH] scsi: sd_zbc: ensure buffer size is aligned to SECTOR_SIZE

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2021/09/06 23:06, Naohiro Aota wrote:
> Reporting zones on a SCSI device sometimes fail with the following error.
> 
> [76248.516390] ata16.00: invalid transfer count 131328
> [76248.523618] sd 15:0:0:0: [sda] REPORT ZONES start lba 536870912 failed
> 
> The error (from drivers/ata/libata-scsi.c ata_scsi_zbc_in_xlat())
> indicates that buffer size is not aligned to SECTOR_SIZE.
> 
> This happens when the __vmalloc() failed. Consider we are reporting 4096
> zones, then we will have "bufsize = roundup((4096 + 1) * 64,
> SECTOR_SIZE)" = (513 * 512) = 262656. Then, __vmalloc() failure halven
> the bufsize to 131328, which is no longer aligned to SECTOR_SIZE.
> 
> Use rounddown() to ensure the size is always aligned to SECTOR_SIZE and
> fix the comment as well.
> 
> Fixes: 23a50861adda ("scsi: sd_zbc: Cleanup sd_zbc_alloc_report_buffer()")
> Cc: stable@xxxxxxxxxxxxxxx # 5.5+
> Signed-off-by: Naohiro Aota <naohiro.aota@xxxxxxx>
> ---
>  drivers/scsi/sd_zbc.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/scsi/sd_zbc.c b/drivers/scsi/sd_zbc.c
> index 186b5ff52c3a..ea8b3f6ee5cd 100644
> --- a/drivers/scsi/sd_zbc.c
> +++ b/drivers/scsi/sd_zbc.c
> @@ -154,8 +154,8 @@ static void *sd_zbc_alloc_report_buffer(struct scsi_disk *sdkp,
>  
>  	/*
>  	 * Report zone buffer size should be at most 64B times the number of
> -	 * zones requested plus the 64B reply header, but should be at least
> -	 * SECTOR_SIZE for ATA devices.
> +	 * zones requested plus the 64B reply header, but should be aligned
> +	 * to SECTOR_SIZE for ATA devices.
>  	 * Make sure that this size does not exceed the hardware capabilities.
>  	 * Furthermore, since the report zone command cannot be split, make
>  	 * sure that the allocated buffer can always be mapped by limiting the
> @@ -174,7 +174,7 @@ static void *sd_zbc_alloc_report_buffer(struct scsi_disk *sdkp,
>  			*buflen = bufsize;
>  			return buf;
>  		}
> -		bufsize >>= 1;
> +		bufsize = rounddown(bufsize >> 1, SECTOR_SIZE);
>  	}
>  
>  	return NULL;
> 

Good catch ! My bad :)

Reviewed-by: Damien Le Moal <damien.lemoal@xxxxxxx>

-- 
Damien Le Moal
Western Digital Research




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]

  Powered by Linux