diff options
| author |   Damien Le Moal <damien.lemoal@opensource.wdc.com> | 2022-06-01 15:25:44 +0900 |
|---|---|---|
| committer |   Martin K. Petersen <martin.petersen@oracle.com> | 2022-06-01 22:36:44 -0400 |
| commit | 30c4fdc3dcdd1f08876300711778d8b680d54b36 (patch) | |
| tree | 1075a97cfb29ba2d2b3de28577adcde8d00a82dd /drivers/scsi/sd_zbc.c | |
| parent | scsi: sd: Fix potential NULL pointer dereference (diff) | |
| download | linux-dev-30c4fdc3dcdd1f08876300711778d8b680d54b36.tar.xz linux-dev-30c4fdc3dcdd1f08876300711778d8b680d54b36.zip | |
scsi: sd_zbc: Prevent zone information memory leak
Make sure to always free a scsi disk zone information, even for regular
disks. This ensures that there is no memory leak, even in the case of a
zoned disk changing type to a regular disk (e.g. with a reformat using the
FORMAT WITH PRESET command or other vendor proprietary command).
To do this, rename sd_zbc_clear_zone_info() to sd_zbc_free_zone_info() and
remove sd_zbc_release_disk(). A call to sd_zbc_free_zone_info() is added to
sd_zbc_read_zones() for drives for which sd_is_zoned() returns
false. Furthermore, sd_zbc_free_zone_info() code make s sure that the sdkp
rev_mutex is never used while not being initialized by gating the cleanup
code with a a check on the zone_wp_update_buf field as it is never NULL
when rev_mutex has been initialized.
Link: https://lore.kernel.org/r/20220601062544.905141-3-damien.lemoal@opensource.wdc.com
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Diffstat (limited to 'drivers/scsi/sd_zbc.c')
| -rw-r--r-- | drivers/scsi/sd_zbc.c | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/drivers/scsi/sd_zbc.c b/drivers/scsi/sd_zbc.c index 5b9fad70aa88..6acc4f406eb8 100644 --- a/drivers/scsi/sd_zbc.c +++ b/drivers/scsi/sd_zbc.c @@ -786,8 +786,11 @@ static int sd_zbc_init_disk(struct scsi_disk *sdkp) return 0; } -static void sd_zbc_clear_zone_info(struct scsi_disk *sdkp) +void sd_zbc_free_zone_info(struct scsi_disk *sdkp) { + if (!sdkp->zone_wp_update_buf) + return; + /* Serialize against revalidate zones */ mutex_lock(&sdkp->rev_mutex); @@ -802,12 +805,6 @@ static void sd_zbc_clear_zone_info(struct scsi_disk *sdkp) mutex_unlock(&sdkp->rev_mutex); } -void sd_zbc_release_disk(struct scsi_disk *sdkp) -{ - if (sd_is_zoned(sdkp)) - sd_zbc_clear_zone_info(sdkp); -} - static void sd_zbc_revalidate_zones_cb(struct gendisk *disk) { struct scsi_disk *sdkp = scsi_disk(disk); @@ -914,12 +911,15 @@ int sd_zbc_read_zones(struct scsi_disk *sdkp, u8 buf[SD_BUF_SIZE]) u32 zone_blocks = 0; int ret; - if (!sd_is_zoned(sdkp)) + if (!sd_is_zoned(sdkp)) { /* - * Device managed or normal SCSI disk, - * no special handling required + * Device managed or normal SCSI disk, no special handling + * required. Nevertheless, free the disk zone information in + * case the device type changed. */ + sd_zbc_free_zone_info(sdkp); return 0; + } /* READ16/WRITE16 is mandatory for ZBC disks */ sdkp->device->use_16_for_rw = 1; @@ -928,11 +928,11 @@ int sd_zbc_read_zones(struct scsi_disk *sdkp, u8 buf[SD_BUF_SIZE]) if (!blk_queue_is_zoned(q)) { /* * This can happen for a host aware disk with partitions. - * The block device zone information was already cleared - * by blk_queue_set_zoned(). Only clear the scsi disk zone + * The block device zone model was already cleared by + * blk_queue_set_zoned(). Only free the scsi disk zone * information and exit early. */ - sd_zbc_clear_zone_info(sdkp); + sd_zbc_free_zone_info(sdkp); return 0; } |