As 'vnum' is controlled by user, so if user tries to allocate memory
larger than(>=) MAX_ORDER, then kcalloc() will fail, it creates a stack
trace and messes up dmesg with a warning.

Add __GFP_NOWARN in order to avoid too large allocation warning.
This is detected by static analysis using smatch.

Fixes: c3e2fe9222d4 ("scsi: scsi_debug: Implement VERIFY(10), add VERIFY(16)")
Signed-off-by: Harshit Mogalapalli <[email protected]>
---
drivers/scsi/scsi_debug.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c
index 697fc57bc711..cbb9395c90c1 100644
--- a/drivers/scsi/scsi_debug.c
+++ b/drivers/scsi/scsi_debug.c
@@ -4429,7 +4429,7 @@ static int resp_verify(struct scsi_cmnd *scp, struct sdebug_dev_info *devip)
if (ret)
return ret;
- arr = kcalloc(lb_size, vnum, GFP_ATOMIC);
+ arr = kcalloc(lb_size, vnum, GFP_ATOMIC | __GFP_NOWARN);
if (!arr) {
mk_sense_buffer(scp, ILLEGAL_REQUEST, INSUFF_RES_ASC,
INSUFF_RES_ASCQ);
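Review bot: the kcalloc() call in resp_verify() still receives the user-controlled vnum with no upper bound visible in this context, so __GFP_NOWARN only silences the stack trace while oversized requests keep reaching the allocator under GFP_ATOMIC. Consider rejecting vnum above a driver-defined or capacity-derived limit before the allocation, so the initiator gets an invalid-field style sense code instead of INSUFF_RES_ASC, and add a one-line comment above the call stating that vnum is user controlled and that this is why the warning is suppressed.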
--
2.38.1

Harshit,

> As 'vnum' is controlled by user, so if user tries to allocate memory
> larger than(>=) MAX_ORDER, then kcalloc() will fail, it creates a stack
> trace and messes up dmesg with a warning.

Applied to 6.2/scsi-staging, thanks!

--
Martin K. Petersen Oracle Linux Engineering
On Fri, 11 Nov 2022 23:00:31 -0800, Harshit Mogalapalli wrote:
> As 'vnum' is controlled by user, so if user tries to allocate memory
> larger than(>=) MAX_ORDER, then kcalloc() will fail, it creates a stack
> trace and messes up dmesg with a warning.
>
> Add __GFP_NOWARN in order to avoid too large allocation warning.
> This is detected by static analysis using smatch.
>
> [...]

Applied to 6.2/scsi-queue, thanks!

[1/1] scsi: scsi_debug: Fix a warning in resp_verify()
      https://git.kernel.org/mkp/scsi/c/ed0f17b748b2

--
Martin K. Petersen Oracle Linux Engineering