From: Damien Le Moal <dlemoal@kernel.org>
To: "Ewan D. Milne" <emilne@redhat.com>, linux-scsi@vger.kernel.org
Cc: michael.christie@oracle.com, dgilbert@interlog.com, bvanassche@acm.org
Subject: Re: [PATCH v2 3/9] scsi: sd: Pass buffer length as argument to sd_read_capacity() et al.
Date: Fri, 15 Aug 2025 11:43:17 +0900 [thread overview]
Message-ID: <1305ccb7-4e23-436e-bdb3-79ebb8681bfc@kernel.org> (raw)
In-Reply-To: <20250814182907.1501213-4-emilne@redhat.com>
On 8/15/25 03:29, Ewan D. Milne wrote:
> That will make it easier to spot an inconsistent buffer size value.
How ? the buffer size is actually not checked. You only memset the buffer.
> Also, memset() the entire buffer rather than the 8 or 32 bytes expected
> back from READ CAPACITY(10) or READ CAPACITY(16).
Why ? There is no explanation why that is needed. The command will not return
more than the transfer length specified. So memsetting bytes that will never be
used seems useless.
>
> Signed-off-by: Ewan D. Milne <emilne@redhat.com>
> ---
> drivers/scsi/sd.c | 28 ++++++++++++++++++----------
> 1 file changed, 18 insertions(+), 10 deletions(-)
>
> diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
> index e3b802b26f0e..ae8eac4b1cb2 100644
> --- a/drivers/scsi/sd.c
> +++ b/drivers/scsi/sd.c
> @@ -2629,7 +2629,8 @@ static void read_capacity_error(struct scsi_disk *sdkp, struct scsi_device *sdp,
> #define READ_CAPACITY_RETRIES_ON_RESET 10
>
> static int read_capacity_16(struct scsi_disk *sdkp, struct scsi_device *sdp,
> - struct queue_limits *lim, unsigned char *buffer)
> + struct queue_limits *lim, unsigned char *buffer,
> + unsigned int buflen)
> {
> unsigned char cmd[16];
> struct scsi_sense_hdr sshdr;
> @@ -2651,7 +2652,7 @@ static int read_capacity_16(struct scsi_disk *sdkp, struct scsi_device *sdp,
> cmd[0] = SERVICE_ACTION_IN_16;
> cmd[1] = SAI_READ_CAPACITY_16;
> cmd[13] = RC16_LEN;
> - memset(buffer, 0, RC16_LEN);
> + memset(buffer, 0, buflen);
I would leave this as-is.
> > the_result = scsi_execute_cmd(sdp, cmd, REQ_OP_DRV_IN,
> buffer, RC16_LEN, SD_TIMEOUT,
> @@ -2719,8 +2720,13 @@ static int read_capacity_16(struct scsi_disk *sdkp, struct scsi_device *sdp,
> return sector_size;
> }
>
> +#define RC10_LEN 8
> +#if RC10_LEN > SD_BUF_SIZE
> +#error RC10_LEN must not be more than SD_BUF_SIZE
> +#endif
> +
> static int read_capacity_10(struct scsi_disk *sdkp, struct scsi_device *sdp,
> - unsigned char *buffer)
> + unsigned char *buffer, unsigned int buflen)
> {
> static const u8 cmd[10] = { READ_CAPACITY };
> struct scsi_sense_hdr sshdr;
> @@ -2765,7 +2771,7 @@ static int read_capacity_10(struct scsi_disk *sdkp, struct scsi_device *sdp,
> sector_t lba;
> unsigned sector_size;
>
> - memset(buffer, 0, 8);
> + memset(buffer, 0, buflen);
Same here, but maybe define RC10_LEN instead of having the magic "8" value
hardcoded ?
--
Damien Le Moal
Western Digital Research
next prev parent reply other threads:[~2025-08-15 2:43 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-14 18:28 [PATCH v2 0/9] Retry READ CAPACITY(10)/(16) with good status but no data Ewan D. Milne
2025-08-14 18:28 ` [PATCH v2 1/9] scsi: Explicitly specify .ascq = 0x00 for ASC 0x28/0x29 scsi_failures Ewan D. Milne
2025-08-14 18:29 ` [PATCH v2 2/9] scsi: sd: Explicitly specify .ascq = SCMD_FAILURE_ASCQ_ANY for ASC 0x3a Ewan D. Milne
2025-08-14 21:24 ` Bart Van Assche
2025-08-15 19:17 ` Ewan Milne
2025-08-14 18:29 ` [PATCH v2 3/9] scsi: sd: Pass buffer length as argument to sd_read_capacity() et al Ewan D. Milne
2025-08-14 21:31 ` Bart Van Assche
2025-08-15 2:43 ` Damien Le Moal [this message]
2025-08-15 18:53 ` Ewan Milne
2025-08-14 18:29 ` [PATCH v2 4/9] scsi: sd: Have scsi-ml retry read_capacity_16 errors Ewan D. Milne
2025-08-14 21:33 ` Bart Van Assche
2025-08-14 18:29 ` [PATCH v2 5/9] scsi: sd: Avoid passing potentially uninitialized "sense_valid" to read_capacity_error() Ewan D. Milne
2025-08-14 21:34 ` Bart Van Assche
2025-08-14 18:29 ` [PATCH v2 6/9] scsi: sd: Remove checks for -EOVERFLOW in sd_read_capacity() Ewan D. Milne
2025-08-14 21:36 ` Bart Van Assche
2025-08-14 18:29 ` [PATCH v2 7/9] scsi: sd: Check for and retry in case of READ_CAPCITY(10)/(16) returning no data Ewan D. Milne
2025-08-14 21:37 ` Bart Van Assche
2025-08-15 2:50 ` Damien Le Moal
2025-08-15 18:31 ` Ewan Milne
2025-08-14 18:29 ` [PATCH v2 8/9] scsi: Simplify nested if conditional in scsi_probe_lun() Ewan D. Milne
2025-08-14 21:37 ` Bart Van Assche
2025-08-15 2:50 ` Damien Le Moal
2025-08-14 18:29 ` [PATCH v2 9/9] scsi: scsi_debug: Add option to suppress returned data but return good status Ewan D. Milne
2025-08-14 21:41 ` Bart Van Assche
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1305ccb7-4e23-436e-bdb3-79ebb8681bfc@kernel.org \
--to=dlemoal@kernel.org \
--cc=bvanassche@acm.org \
--cc=dgilbert@interlog.com \
--cc=emilne@redhat.com \
--cc=linux-scsi@vger.kernel.org \
--cc=michael.christie@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.