From patchwork Mon May 30 01:43:40 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Damien Le Moal X-Patchwork-Id: 12864279 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 56E2AC433F5 for ; Mon, 30 May 2022 01:43:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232157AbiE3Bnu (ORCPT ); Sun, 29 May 2022 21:43:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58400 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232151AbiE3Bnr (ORCPT ); Sun, 29 May 2022 21:43:47 -0400 Received: from esa1.hgst.iphmx.com (esa1.hgst.iphmx.com [68.232.141.245]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 79DBEDEB4 for ; Sun, 29 May 2022 18:43:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=wdc.com; i=@wdc.com; q=dns/txt; s=dkim.wdc.com; t=1653875026; x=1685411026; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=6ATYhnDpKjGF86MZs0pzDwMcHyXcGd6DSmhzlnusnbQ=; b=dihODXRCIi0V6I/FVYxnp+dtGd7xLtG5cvoOQVQC1EQcHy50lq4zdA6X 92icJUdPLSUhC9zuR1L/t8cu0T/OV63utvpUXzJGGKnK5Af5U+XmC8sGv GLQX5P8Ba9Vs9OVY8NOGSSjTz1BBlKYiP/VjoXrp/uxhVFZK+3jXEmvO7 jJqq/WVNa+nOgzShoswcnBJFUBdqF0AvUFwzzbW4afl0fEW1ZYc+HG1Fu tRkrNUAJ509V454Ra/NrFRkaXK14Gf4VBKoPY2mOyEFVoYOZLOgP+M6wz 70jTR1luQtD1Og9Qv03aLkKAR1ecus/9wdjrrQ2ud2bxmuZvdEjUDiCDt Q==; X-IronPort-AV: E=Sophos;i="5.91,261,1647273600"; d="scan'208";a="313773997" Received: from uls-op-cesaip02.wdc.com (HELO uls-op-cesaep02.wdc.com) ([199.255.45.15]) by ob1.hgst.iphmx.com with ESMTP; 30 May 2022 09:43:45 +0800 IronPort-SDR: IAfL1XAX5sDxRwYf522cRThFEEAkGYzvBAXjTbuWAY24PiUizVg+KAySsRotalYiYxNeH31T6G uAaYXfZRJ+/+GNEEjZ+Mh61d4flJaJ/OORsCJx6WrpSwI8kV/zpq17M8dtfrHpgKYYy9P+0Skk 4vSjiqGKr/xX/mVZZNW1a5bSrlcCNR2OcoDxyHvYMVruqCWRHmcvrKo0TSFgbF3nM4zr6HtHZS fFo/NnXXnJ3z3cqZO2p0MOR+TWyfI4DavStifrNDTmQmpngTKSPcYgsc18oHrUaN7A7PxpV7n8 ogVAkWeGy3l/qTJhnDtBrDUe Received: from uls-op-cesaip02.wdc.com ([10.248.3.37]) by uls-op-cesaep02.wdc.com with ESMTP/TLS/ECDHE-RSA-AES128-GCM-SHA256; 29 May 2022 18:03:11 -0700 IronPort-SDR: ScTCqxg9fw58gk0Zk1N0qkHQgS1qTOIj8hwksWsNEsNFjp/Lp0N/FMDIlB9uWkZ1GuKdRJ+bOn akUJvrw4M22nd7aszegUWFHzJS2Scl3n4wCjifHWJXk3rk3q5XhfQeKqW2o3j9Mqn2kOBvPuxG NRDv/gQz8yrqDdSvrJY2K1kghwK6bqXTddf1/EP3h+d/cBhmTa8xH3UuT0xOoXHmu474kSj1ZI xKNVgnl/9idOykgq+nuoxfHX0wo16Kjw0/LZhQb8kgaBfz2HjI+R4ynGwYJE2jNz64hh2v4Ybu Tcc= WDCIronportException: Internal Received: from usg-ed-osssrv.wdc.com ([10.3.10.180]) by uls-op-cesaip02.wdc.com with ESMTP/TLS/ECDHE-RSA-AES128-GCM-SHA256; 29 May 2022 18:43:46 -0700 Received: from usg-ed-osssrv.wdc.com (usg-ed-osssrv.wdc.com [127.0.0.1]) by usg-ed-osssrv.wdc.com (Postfix) with ESMTP id 4LBJ8x1ggLz1SVnx for ; Sun, 29 May 2022 18:43:45 -0700 (PDT) Authentication-Results: usg-ed-osssrv.wdc.com (amavisd-new); dkim=pass reason="pass (just generated, assumed good)" header.d=opensource.wdc.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d= opensource.wdc.com; h=content-transfer-encoding:mime-version :references:in-reply-to:x-mailer:message-id:date:subject:to :from; s=dkim; t=1653875024; x=1656467025; bh=6ATYhnDpKjGF86MZs0 pzDwMcHyXcGd6DSmhzlnusnbQ=; b=kgWZYNFlil0cBUS+oyv4HxP6ItrOiVVIMs /EICycxuYh2WLjao6GkfRuJw1TJ0BpXXZNz9znTq6pLDMeHO+SCgxoKspRqFXEeh ONLKKl0WBaL0EixjmAAxyBKufacAXRGuq5bqFoyaiQ7/SZ8qmEmXLbytGMm1JrjD 8nLN/VlfthUh6itbFPaClftxMS6lISHQy3/W5M3RVSwSSmtzoWLjEUzL6m5eljW9 +IPCYMiyliriay21jR3H17CasVowClAKvKJpactG4vhkQwLcajIszExeMgFscvUa CwUjS3/inEWKfplNzHeiO70lORls9z503x+nA+bQsp9Utr07NnQw== X-Virus-Scanned: amavisd-new at usg-ed-osssrv.wdc.com Received: from usg-ed-osssrv.wdc.com ([127.0.0.1]) by usg-ed-osssrv.wdc.com (usg-ed-osssrv.wdc.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id aLxCSTXZpd6L for ; Sun, 29 May 2022 18:43:44 -0700 (PDT) Received: from washi.fujisawa.hgst.com (washi.fujisawa.hgst.com [10.149.53.254]) by usg-ed-osssrv.wdc.com (Postfix) with ESMTPSA id 4LBJ8w1l74z1Rvlx; Sun, 29 May 2022 18:43:44 -0700 (PDT) From: Damien Le Moal To: linux-scsi@vger.kernel.org, "Martin K . Petersen" Cc: Dongliang Mu Subject: [PATCH 1/2] scsi: sd: Fix potential NULL pointer dereference Date: Mon, 30 May 2022 10:43:40 +0900 Message-Id: <20220530014341.115427-2-damien.lemoal@opensource.wdc.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220530014341.115427-1-damien.lemoal@opensource.wdc.com> References: <20220530014341.115427-1-damien.lemoal@opensource.wdc.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-scsi@vger.kernel.org If sd_probe() sees an error before sdkp->device is initialized, sd_zbc_release_disk() is called, which causes a NULL pointer dereference when sd_is_zoned() is called. Avoid this by also testing if a scsi disk device pointer is set in sd_is_zoned(). Reported-by: Dongliang Mu Fixes: 89d947561077 ("sd: Implement support for ZBC device") Signed-off-by: Damien Le Moal Tested-by: Dongliang Mu Reviewed-by: Johannes Thumshirn --- drivers/scsi/sd.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/sd.h b/drivers/scsi/sd.h index 2abad54fd23f..b90b96e8834e 100644 --- a/drivers/scsi/sd.h +++ b/drivers/scsi/sd.h @@ -236,7 +236,8 @@ static inline void sd_dif_config_host(struct scsi_disk *disk) static inline int sd_is_zoned(struct scsi_disk *sdkp) { - return sdkp->zoned == 1 || sdkp->device->type == TYPE_ZBC; + return sdkp->zoned == 1 || + (sdkp->device && sdkp->device->type == TYPE_ZBC); } #ifdef CONFIG_BLK_DEV_ZONED From patchwork Mon May 30 01:43:41 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Damien Le Moal X-Patchwork-Id: 12864280 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0CE5FC4332F for ; Mon, 30 May 2022 01:43:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232156AbiE3Bnv (ORCPT ); Sun, 29 May 2022 21:43:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58418 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232155AbiE3Bnr (ORCPT ); Sun, 29 May 2022 21:43:47 -0400 Received: from esa1.hgst.iphmx.com (esa1.hgst.iphmx.com [68.232.141.245]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 07CD7DEB7 for ; Sun, 29 May 2022 18:43:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=wdc.com; i=@wdc.com; q=dns/txt; s=dkim.wdc.com; t=1653875026; x=1685411026; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=62sd6ZTARlsd5HOF4fAgp3i8n5GB+VqU6F117wCHpZg=; b=qX5Ct+yoph84zo+nR+3I5rFvdFASmmQCjPwhKMo7iZwtTwYtxrNQuMDf KD/qtez+HnNz2WRNtmz5FqFkl0L1r2fYBF+urF/NMwhGaI98WSVYE8z2p Gt4HFtGGDfv6yDlbXTfYTd3kF90mPuX8Z9N45v11KaC0gWM8llPTTBK5i cgj/SXh2/OB4IE0vMkDqEZRYM5e6SK5lmCH6Ug81EBktI9IIqq9JSf7tv puA2lFiWyK7PxUlx6WaC+GXei82izHCiSYlVh4KF32lccjbVumYr8AZas hfv6+ssj0sWBub+wPAtpllxydw7HzF7Kn4hrssaWnI25PnP3sAhXNBijp A==; X-IronPort-AV: E=Sophos;i="5.91,261,1647273600"; d="scan'208";a="313773998" Received: from uls-op-cesaip02.wdc.com (HELO uls-op-cesaep02.wdc.com) ([199.255.45.15]) by ob1.hgst.iphmx.com with ESMTP; 30 May 2022 09:43:46 +0800 IronPort-SDR: AMvPDCr9V9i5i2THlEEvW1lYe6TUVD/pLfCHCHzyqFmM/heDAQWAUFij+ykw5Be7dDWFkjrlFM qZ4LRyix/X/ucddaaEMG8LuwaVtOVeWAaL9ikN+BZCTeX8/XRpJJmLhQ75viB50q94oxRA39Hl 3UMrH4RlSH7cJowqvvMwfgrs5zsdJybz1tBpDREvCZrHRyQWShTTkQIhqq3QPtEaBgFrFvziiQ Xv4eVpIAxHnwwGZ3YxLkubN0ecUZZtQ6XqkLeEoap1YEBu8nze1TU5o9g0C633GdtY8gbnaK6b PWIKNWGb181pdln21jPDkIZV Received: from uls-op-cesaip02.wdc.com ([10.248.3.37]) by uls-op-cesaep02.wdc.com with ESMTP/TLS/ECDHE-RSA-AES128-GCM-SHA256; 29 May 2022 18:03:12 -0700 IronPort-SDR: AmjETY8rqpFTOF7m7p8oGLM95gA+8aObPux7GhVbw3hiLm8cr5cDrryDWfRJKrCK3iEWCr1JDY vaV08vJIkRM2eqokzaK4yLiECP9ccpF51xrjJ/MPN258pey/zUqDXwnpqFIFDekR1t09+7JtkV AJV9qNHzfoqgZX01Rzc1+jVc4m6LyCxn5l+2W81FO1qKlbGs1CpOnIui8bxDEYdJuC8D10gXUR IjDgCJIE1SJEN7QmDUkQuYSQn/fp3cWtKRoP1ewFFMChSX9Qc+BKMMrLDLaFwfUm0EduRbeeKh Zjk= WDCIronportException: Internal Received: from usg-ed-osssrv.wdc.com ([10.3.10.180]) by uls-op-cesaip02.wdc.com with ESMTP/TLS/ECDHE-RSA-AES128-GCM-SHA256; 29 May 2022 18:43:46 -0700 Received: from usg-ed-osssrv.wdc.com (usg-ed-osssrv.wdc.com [127.0.0.1]) by usg-ed-osssrv.wdc.com (Postfix) with ESMTP id 4LBJ8y0sjtz1Rwrw for ; Sun, 29 May 2022 18:43:46 -0700 (PDT) Authentication-Results: usg-ed-osssrv.wdc.com (amavisd-new); dkim=pass reason="pass (just generated, assumed good)" header.d=opensource.wdc.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d= opensource.wdc.com; h=content-transfer-encoding:mime-version :references:in-reply-to:x-mailer:message-id:date:subject:to :from; s=dkim; t=1653875025; x=1656467026; bh=62sd6ZTARlsd5HOF4f Agp3i8n5GB+VqU6F117wCHpZg=; b=W2LfV2INyIHY8LcFaQxtadY666yWj1CkrN e7HydkfEymshEHimNqeSaV8PD8BiU5qy4anwVTZDCJ9WnFEYyAzi3Q4ejPq2yKu4 ecT15ncjVhOIHYEiyyDcVNd7gpMOZbaLlQV4TemS79rw5pg4riR66yXUVowna7GB 9wrPtLqM0KBm2o1yUV4rkBEkZ3iNOVPLOPga4ycLCNmnvQFDMM9i1r4Pm2dESsgo vlVXVAc/+iiVH300FjaNGet1n2GvYXPn7UgoE8gRrI4mx3yAmDoZuhJiY2jcWQSe ilk7Nz/Lm+BGaGp7B40JIzCHiyLInCBg/mJEIJIaM4NVahI8Dy+w== X-Virus-Scanned: amavisd-new at usg-ed-osssrv.wdc.com Received: from usg-ed-osssrv.wdc.com ([127.0.0.1]) by usg-ed-osssrv.wdc.com (usg-ed-osssrv.wdc.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id Folyo8CDxZ1a for ; Sun, 29 May 2022 18:43:45 -0700 (PDT) Received: from washi.fujisawa.hgst.com (washi.fujisawa.hgst.com [10.149.53.254]) by usg-ed-osssrv.wdc.com (Postfix) with ESMTPSA id 4LBJ8x109rz1Rvlc; Sun, 29 May 2022 18:43:45 -0700 (PDT) From: Damien Le Moal To: linux-scsi@vger.kernel.org, "Martin K . Petersen" Cc: Dongliang Mu Subject: [PATCH 2/2] scsi: sd_zbc: prevent zone information memory leak Date: Mon, 30 May 2022 10:43:41 +0900 Message-Id: <20220530014341.115427-3-damien.lemoal@opensource.wdc.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220530014341.115427-1-damien.lemoal@opensource.wdc.com> References: <20220530014341.115427-1-damien.lemoal@opensource.wdc.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-scsi@vger.kernel.org Make sure to always clear a scsi disk zone information, even for regular disks. This ensures that there is no memory leak, even in the case of a zoned disk changing type to a regular disk (e.g. with a reformat using the FORMAT WITH PRESET command or other vendor proprietary command). This change also makes sure that the sdkp rev_mutex is never used while not being initialized by gating sd_zbc_clear_zone_info() cleanup code with a check on the zone_wp_update_buf field which is never NULL when rev_mutex has been initialized. Signed-off-by: Damien Le Moal --- drivers/scsi/sd_zbc.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/drivers/scsi/sd_zbc.c b/drivers/scsi/sd_zbc.c index 5b9fad70aa88..6245205b1159 100644 --- a/drivers/scsi/sd_zbc.c +++ b/drivers/scsi/sd_zbc.c @@ -788,6 +788,9 @@ static int sd_zbc_init_disk(struct scsi_disk *sdkp) static void sd_zbc_clear_zone_info(struct scsi_disk *sdkp) { + if (!sdkp->zone_wp_update_buf) + return; + /* Serialize against revalidate zones */ mutex_lock(&sdkp->rev_mutex); @@ -804,8 +807,7 @@ static void sd_zbc_clear_zone_info(struct scsi_disk *sdkp) void sd_zbc_release_disk(struct scsi_disk *sdkp) { - if (sd_is_zoned(sdkp)) - sd_zbc_clear_zone_info(sdkp); + sd_zbc_clear_zone_info(sdkp); } static void sd_zbc_revalidate_zones_cb(struct gendisk *disk) @@ -914,12 +916,15 @@ int sd_zbc_read_zones(struct scsi_disk *sdkp, u8 buf[SD_BUF_SIZE]) u32 zone_blocks = 0; int ret; - if (!sd_is_zoned(sdkp)) + if (!sd_is_zoned(sdkp)) { /* - * Device managed or normal SCSI disk, - * no special handling required + * Device managed or normal SCSI disk, no special handling + * required. Nevertheless, clear the disk zone information in + * case the device type changed. */ + sd_zbc_clear_zone_info(sdkp); return 0; + } /* READ16/WRITE16 is mandatory for ZBC disks */ sdkp->device->use_16_for_rw = 1;