linux/drivers
Martin Wilck 077ce028b8 scsi: target: pscsi: Avoid OOM in pscsi_map_sg()
pscsi_map_sg() uses the variable nr_pages as a hint for bio_kmalloc() how
many vector elements to allocate. If nr_pages is < BIO_MAX_PAGES, it will
be reset to 0 after successful allocation of the bio.

If bio_add_pc_page() fails later for whatever reason, pscsi_map_sg() tries
to allocate another bio, passing nr_vecs = 0. This causes bio_add_pc_page()
to fail immediately in the next call. pci_map_sg() continues to allocate
zero-length bios until memory is exhausted and the kernel crashes with
OOM. This can be easily observed by exporting a SATA DVD drive via pscsi.
The target crashes as soon as the client tries to access the DVD LUN. In
the case I analyzed, bio_add_pc_page() would fail because the DVD device's
max_sectors_kb (128) was exceeded.

Avoid this by simply not resetting nr_pages to 0 after allocating the
bio. This way, the client receives an I/O error when it tries to send
requests exceeding the devices max_sectors_kb, and eventually gets it
right. The client must still limit max_sectors_kb e.g. by an udev rule if
(like in my case) the driver doesn't report valid block limits, otherwise
it encounters I/O errors.

Link: https://lore.kernel.org/r/20210323212431.15306-1-mwilck@suse.com
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Lee Duncan <lduncan@suse.com>
Signed-off-by: Martin Wilck <mwilck@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2021-03-24 23:19:23 -04:00
..
accessibility Char/Misc driver patches for 5.12-rc1 2021-02-24 10:25:37 -08:00
acpi Additional ACPI updates for v5.12-rc1 2021-02-25 12:03:13 -08:00
amba
android
ata
atm atm: idt77252: fix build broken on amd64 2021-02-15 12:36:27 -08:00
auxdisplay treewide: Miguel has moved 2021-02-26 09:41:03 -08:00
base RISC-V Patches for the 5.12 Merge Window 2021-02-26 10:28:35 -08:00
bcma
block block-5.12-2021-02-27 2021-02-28 11:23:38 -08:00
bluetooth TTY/Serial driver changes for 5.12-rc1 2021-02-20 21:28:04 -08:00
bus Char/Misc driver patches for 5.12-rc1 2021-02-24 10:25:37 -08:00
cdrom
char Char/Misc driver patches for 5.12-rc1 2021-02-24 10:25:37 -08:00
clk RISC-V Patches for the 5.12 Merge Window 2021-02-26 10:28:35 -08:00
clocksource A small set of clockevent fixes which fell through the cracks 2021-02-22 14:11:36 -08:00
connector
counter
cpufreq Simple Firmware Interface (SFI) support removal for v5.12-rc1 2021-02-24 10:35:29 -08:00
cpuidle
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2021-02-21 17:23:56 -08:00
cxl cxl/mem: Fix potential memory leak 2021-02-22 14:44:39 -08:00
dax Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2021-02-27 08:07:12 -08:00
dca
devfreq Merge branches 'pm-devfreq' and 'pm-tools' 2021-02-15 17:02:04 +01:00
dio
dma dmaengine updates for v5.12-rc1 2021-02-23 15:05:10 -08:00
dma-buf dma-fence: allow signaling drivers to set fence timestamp 2021-02-24 21:05:28 +05:30
edac Merge branch 'edac-misc' into edac-updates-for-v5.12 2021-02-15 10:06:58 +01:00
eisa
extcon
firewire
firmware Char/Misc driver patches for 5.12-rc1 2021-02-24 10:25:37 -08:00
fpga
fsi
gnss
gpio Driver core / debugfs update for 5.12-rc1 2021-02-24 10:13:55 -08:00
gpu A handful of late-arriving documentation fixes, nothing all that notable. 2021-02-26 14:21:18 -08:00
greybus
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid 2021-02-23 14:52:22 -08:00
hsi
hv mm/memory_hotplug: MEMHP_MERGE_RESOURCE -> MHP_MERGE_RESOURCE 2021-02-26 09:41:00 -08:00
hwmon Devicetree updates for v5.12: 2021-02-22 10:05:12 -08:00
hwspinlock
hwtracing ARM updates for 5.12-rc1: 2021-02-22 14:27:07 -08:00
i2c i2c: exynos5: Preserve high speed master code 2021-02-26 11:47:42 +01:00
i3c I3C for 5.12 2021-02-22 09:52:55 -08:00
ide ide-5.11-2021-02-28 2021-02-28 15:48:25 -08:00
idle
iio - Use the newly introduced 'hot' and 'critical' ops for the acpi 2021-02-22 09:39:11 -08:00
infiniband Linux 5.11 2021-02-18 11:19:29 -04:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2021-02-23 14:56:23 -08:00
interconnect
iommu dma-mapping updates for 5.12: 2021-02-24 09:54:24 -08:00
ipack
irqchip irqchip updates for Linux 5.12: 2021-02-15 15:41:56 +01:00
isdn
leds Updates for 5.12-rc1. Besides usual fixes and new drivers, we are 2021-02-26 13:56:40 -08:00
lightnvm lightnvm: pblk: Replace guid_copy() with export_guid()/import_guid() 2021-02-14 21:27:24 -07:00
macintosh
mailbox mailbox: arm_mhuv2: Skip calling kfree() with invalid pointer 2021-02-22 13:34:27 -06:00
mcb
md block-5.12-2021-02-27 2021-02-28 11:23:38 -08:00
media Fixes around VM_FPNMAP and follow_pfn 2021-02-22 17:45:02 -08:00
memory Char/Misc driver patches for 5.12-rc1 2021-02-24 10:25:37 -08:00
memstick
message
mfd Simple Firmware Interface (SFI) support removal for v5.12-rc1 2021-02-24 10:35:29 -08:00
misc pci-v5.12-changes 2021-02-25 09:56:08 -08:00
mmc Merge branch 'stable/for-linus-5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/swiotlb 2021-02-26 13:59:32 -08:00
most
mtd This pull request contains changes (actually just fixes) for UBIFS 2021-02-21 13:57:08 -08:00
mux
net virtio: features, fixes 2021-02-25 12:21:08 -08:00
nfc Char/Misc driver patches for 5.12-rc1 2021-02-24 10:25:37 -08:00
ntb NTB: Add support for EPF PCI Non-Transparent Bridge 2021-02-23 14:12:53 -06:00
nubus
nvdimm libnvdimm + device-dax for 5.12 2021-02-24 09:35:54 -08:00
nvme block-5.12-2021-02-27 2021-02-28 11:23:38 -08:00
nvmem
of Char/Misc driver patches for 5.12-rc1 2021-02-24 10:25:37 -08:00
opp opp: Don't skip freq update for different frequency 2021-02-18 12:31:08 +05:30
parisc
parport
pci pci-v5.12-changes 2021-02-25 09:56:08 -08:00
pcmcia Merge branch 'pcmcia-next' of git://git.kernel.org/pub/scm/linux/kernel/git/brodo/linux 2021-02-26 13:54:43 -08:00
perf IOMMU Updates for Linux v5.12 2021-02-22 10:31:29 -08:00
phy
pinctrl RISC-V Patches for the 5.12 Merge Window 2021-02-26 10:28:35 -08:00
platform Additional ACPI updates for v5.12-rc1 2021-02-25 12:03:13 -08:00
pnp
power
powercap powercap: intel_rapl: Use topology interface in rapl_init_domains() 2021-02-12 16:53:01 +01:00
pps
ps3
ptp ptp: ptp_clockmatrix: clean-up - parenthesis around a == b are unnecessary 2021-02-17 13:49:26 -08:00
pwm pwm: Changes for v5.12-rc1 2021-02-25 12:23:49 -08:00
rapidio
ras
regulator - Core Frameworks 2021-02-22 09:29:42 -08:00
remoteproc remoteproc: qcom: pas: Add SM8350 PAS remoteprocs 2021-02-11 12:52:18 -06:00
reset RISC-V Patches for the 5.12 Merge Window 2021-02-26 10:28:35 -08:00
rpmsg
rtc Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2021-02-27 08:07:12 -08:00
s390 Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2021-02-27 08:07:12 -08:00
sbus
scsi scsi: mpt3sas: Fix error return code of mpt3sas_base_attach() 2021-03-24 22:07:45 -04:00
sh
siox
slimbus
soc OpenRISC updates for 5.12 2021-02-26 14:16:06 -08:00
soundwire soundwire: intel: fix possible crash when no device is detected 2021-02-11 10:49:52 +05:30
spi powerpc updates for 5.12 2021-02-22 14:34:00 -08:00
spmi spmi: spmi-pmic-arb: Fix hw_irq overflow 2021-02-12 12:26:46 +01:00
ssb
staging Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2021-02-27 08:07:12 -08:00
target scsi: target: pscsi: Avoid OOM in pscsi_map_sg() 2021-03-24 23:19:23 -04:00
tc
tee
thermal - Use the newly introduced 'hot' and 'critical' ops for the acpi 2021-02-22 09:39:11 -08:00
thunderbolt
tty Char/Misc driver patches for 5.12-rc1 2021-02-24 10:25:37 -08:00
uio
usb Kbuild updates for v5.12 2021-02-25 10:17:31 -08:00
vdpa vdpa/mlx5: fix param validation in mlx5_vdpa_get_config() 2021-02-23 07:52:59 -05:00
vfio VFIO updates for v5.12-rc1 2021-02-24 10:43:40 -08:00
vhost virtio: features, fixes 2021-02-25 12:21:08 -08:00
video drm fixes for 5.12-rc1 + msm-next 2021-02-25 12:10:22 -08:00
virt
virtio Merge branch 'akpm' (patches from Andrew) 2021-02-26 09:50:09 -08:00
visorbus
vlynq
vme
w1
watchdog Char/Misc driver patches for 5.12-rc1 2021-02-24 10:25:37 -08:00
xen xen: branch for v5.12-rc1 2021-02-26 10:04:45 -08:00
zorro
Kconfig cxl/mem: Introduce a driver for CXL-2.0-Type-3 endpoints 2021-02-16 20:36:38 -08:00
Makefile Simple Firmware Interface (SFI) support removal for v5.12-rc1 2021-02-24 10:35:29 -08:00