From patchwork Thu Dec 17 20:33:19 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrea Parri X-Patchwork-Id: 345264 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 85D34C2BBCD for ; Thu, 17 Dec 2020 20:35:02 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 5B34D23A1E for ; Thu, 17 Dec 2020 20:35:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731514AbgLQUec (ORCPT ); Thu, 17 Dec 2020 15:34:32 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36274 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727088AbgLQUeb (ORCPT ); Thu, 17 Dec 2020 15:34:31 -0500 Received: from mail-wr1-x42d.google.com (mail-wr1-x42d.google.com [IPv6:2a00:1450:4864:20::42d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 15E5DC0617A7; Thu, 17 Dec 2020 12:33:51 -0800 (PST) Received: by mail-wr1-x42d.google.com with SMTP id w5so24176125wrm.11; Thu, 17 Dec 2020 12:33:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=D2EkVR3dxU3bZL0ia74uk0mklAzjaKcVTJH27BwnHqA=; b=qNDfI+w1vtEUNGIewrPPL0sxPrUbw/Gafc96TEevd0Z4rkO1F3U9ZHZW6gN9qvKSNr hb5jqTx5WORXv64t6jO1luDSlSL07w3aL73DYjIwWXIUqc6ivcvWneKtTuaMi9unhyYP BOnODLkPq03V8gRmgrMcLkPtY6RWHW67Cgtmc9585mwKqjkKfx4SOVFQW3nggH4ZlXfA hQyqEqk8EhBU8nUH5etHVXmoeNirrTPo2z+TdM08DfZ8FhTGXyk9LinJK3UGbzuJrGyL UTd5kuPCk2YpuwtWWr+2ORBRQty9iwiFrelbJfHFjQ7dbj3q0TOUSeE5gYMEgKoDYFWH J/hg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=D2EkVR3dxU3bZL0ia74uk0mklAzjaKcVTJH27BwnHqA=; b=rxPDy5NCyvuU1bX+CmMJUDh3/2PydBLwheGDuvIgCCvk9fcof8y+hxvhFNxroLOfjp 7E6UrZryhetTXNZg6heYw4SDU+eFuEQKiYHQiY8WppPmRJcfDR7FuWDKq2U/gZtJSu0Z XQAYqNYPQzYZD6IufJNQ1z6G5HQkjZ3IRllguDMBDB8gDxr9eJiKkHzPnA1VQ1sB1jwZ dk5qt11k8OulwsReLbYnudnV6TjjWgKU2CDzDBT2/hV6LMs4F9Ez4Vg/IRgMZc6VpRWs 9hWXT9zKWllwfRxJhpeb3mWdy71AKg9GbujkAamWABl0CTA9K3stKngEPfNdF0h2mPLJ xiYg== X-Gm-Message-State: AOAM5314DCKtD3hxfl8PTgwKNRjfQOzTgnaA7atflvdxpFzRgy9KIlj/ 5QUmfKh4+LOaHgV9citMsFaGlA1E6Ke/2TPe X-Google-Smtp-Source: ABdhPJwIPo6y7byUWOne15a0dLqXv8x2zFHV6U/0dtBbvNOVSsOpQaERlAWbFcVuD+KqnkLhGIZnCg== X-Received: by 2002:adf:f0d0:: with SMTP id x16mr655177wro.162.1608237229537; Thu, 17 Dec 2020 12:33:49 -0800 (PST) Received: from localhost.localdomain (host-95-239-64-30.retail.telecomitalia.it. [95.239.64.30]) by smtp.gmail.com with ESMTPSA id a62sm11729128wmh.40.2020.12.17.12.33.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 17 Dec 2020 12:33:49 -0800 (PST) From: "Andrea Parri (Microsoft)" To: linux-kernel@vger.kernel.org, linux-hyperv@vger.kernel.org Cc: "K . Y . Srinivasan" , Haiyang Zhang , Stephen Hemminger , Wei Liu , Dexuan Cui , Michael Kelley , Saruhan Karademir , Juan Vazquez , "Andrea Parri (Microsoft)" , "James E.J. Bottomley" , "Martin K. Petersen" , linux-scsi@vger.kernel.org Subject: [PATCH 1/3] scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer Date: Thu, 17 Dec 2020 21:33:19 +0100 Message-Id: <20201217203321.4539-2-parri.andrea@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20201217203321.4539-1-parri.andrea@gmail.com> References: <20201217203321.4539-1-parri.andrea@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-scsi@vger.kernel.org Current code overestimates the value of max_outstanding_req_per_channel for Win8 and newer hosts, since vmscsi_size_delta is set to the initial value of sizeof(vmscsi_win8_extension) rather than zero. This may lead to wrong decisions when using ring_avail_percent_lowater equals to zero. The estimate of max_outstanding_req_per_channel is 'exact' for Win7 and older hosts. A better choice, keeping the algorithm for the estimation simple, is to err the other way around, i.e., to underestimate for Win7 and older but to use the exact value for Win8 and newer. Suggested-by: Dexuan Cui Signed-off-by: Andrea Parri (Microsoft) Cc: "James E.J. Bottomley" Cc: "Martin K. Petersen" Cc: linux-scsi@vger.kernel.org Reviewed-by: Michael Kelley --- drivers/scsi/storvsc_drv.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/storvsc_drv.c b/drivers/scsi/storvsc_drv.c index ded00a89bfc4e..64298aa2f151e 100644 --- a/drivers/scsi/storvsc_drv.c +++ b/drivers/scsi/storvsc_drv.c @@ -2141,12 +2141,15 @@ static int __init storvsc_drv_init(void) * than the ring buffer size since that page is reserved for * the ring buffer indices) by the max request size (which is * vmbus_channel_packet_multipage_buffer + struct vstor_packet + u64) + * + * The computation underestimates max_outstanding_req_per_channel + * for Win7 and older hosts because it does not take into account + * the vmscsi_size_delta correction to the max request size. */ max_outstanding_req_per_channel = ((storvsc_ringbuffer_size - PAGE_SIZE) / ALIGN(MAX_MULTIPAGE_BUFFER_PACKET + - sizeof(struct vstor_packet) + sizeof(u64) - - vmscsi_size_delta, + sizeof(struct vstor_packet) + sizeof(u64), sizeof(u64))); #if IS_ENABLED(CONFIG_SCSI_FC_ATTRS) From patchwork Thu Dec 17 20:33:21 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrea Parri X-Patchwork-Id: 345263 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4389EC3526D for ; Thu, 17 Dec 2020 20:35:03 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 18083239FE for ; Thu, 17 Dec 2020 20:35:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731600AbgLQUeg (ORCPT ); Thu, 17 Dec 2020 15:34:36 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36290 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731595AbgLQUef (ORCPT ); Thu, 17 Dec 2020 15:34:35 -0500 Received: from mail-wm1-x331.google.com (mail-wm1-x331.google.com [IPv6:2a00:1450:4864:20::331]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 484DFC06138C; Thu, 17 Dec 2020 12:33:55 -0800 (PST) Received: by mail-wm1-x331.google.com with SMTP id r4so163543wmh.5; Thu, 17 Dec 2020 12:33:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=gQGWPM/sf8+J1RLMjv3ZaWA/7DvHetdsTdc1DOQtFJQ=; b=qQikXu51Qi9p3EQTAoWNtLzcEEHx9Kz0wZB/60aM5LTsJCBfmY6s87JDfUxpYcF5Cm U1sIg7LPP64Rn1Ox2oOwk8xsX4H47lWqfM9K95gsaz96Onhi/hWiRDXiCNqP3AoWBNZm XeZnXJMbAy/tkoIpb7DcKMJnIjSkz54Rvm19/BdeTj5HW6fflJf05Yt5CcN+811CS2x6 1N1KQo9awFYDJvAqDDIjJmbAaqZ3VaYg3cnzGfTQDFGKblBXTl0qAU0TQpbJAI+4Wf54 wtx94CGODvCKpaY9PJWPZeYaz/42GwxhSIaGI/HoLkinsD4rvyJx6tIiMvIXJaAekrpr k+kg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=gQGWPM/sf8+J1RLMjv3ZaWA/7DvHetdsTdc1DOQtFJQ=; b=GQnSiu5jwwEXsx794a4EYLK1R9wq9qdL7JimL3GxKi+jt8mqLmsKf/G+UuMieBUXRx IZJu16rqxqXObpt3jsQMNTbpSDTQVwH+1PSetctNTbYGZvdepn9aSnh+BFFuGuJbOAoJ jS5R/30k8x9Q8iY3g2F/GzznJjxBlo9iKLQPGCcZF48i3njhhHNVIN3ab95hvMu28MBd OL9P5CptlJWQrPGU8MTF9WdSKcAACtVCcx0vtyCezKz1uHuL8JSVQgQR7HuF3PTr4EhS Bd0cXA5tvCWTydTEnD9nnq4NkcYpDWuZxqGQdkA2r/hR+bvYbJbku91KyiZ0Mg0PeHkq 1d8Q== X-Gm-Message-State: AOAM531Qet9EQSFA+ReI+4/9yXqM15/YMbrpljnxNEqTGp8N1FDflRGh 23CQH6SDlXZjD6FwRr3TOfWIEqvOrtYbvd79 X-Google-Smtp-Source: ABdhPJzHhkG60AUjmunNTz3OqiaOhMWdwUPpzrmUPPmz9Ttw2uRDJTCtpDLdFCTPRlwZsVlESFHdVw== X-Received: by 2002:a1c:770d:: with SMTP id t13mr1036395wmi.153.1608237233745; Thu, 17 Dec 2020 12:33:53 -0800 (PST) Received: from localhost.localdomain (host-95-239-64-30.retail.telecomitalia.it. [95.239.64.30]) by smtp.gmail.com with ESMTPSA id a62sm11729128wmh.40.2020.12.17.12.33.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 17 Dec 2020 12:33:53 -0800 (PST) From: "Andrea Parri (Microsoft)" To: linux-kernel@vger.kernel.org, linux-hyperv@vger.kernel.org Cc: "K . Y . Srinivasan" , Haiyang Zhang , Stephen Hemminger , Wei Liu , Dexuan Cui , Michael Kelley , Saruhan Karademir , Juan Vazquez , "Andrea Parri (Microsoft)" , "James E.J. Bottomley" , "Martin K. Petersen" , linux-scsi@vger.kernel.org Subject: [PATCH 3/3] scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() Date: Thu, 17 Dec 2020 21:33:21 +0100 Message-Id: <20201217203321.4539-4-parri.andrea@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20201217203321.4539-1-parri.andrea@gmail.com> References: <20201217203321.4539-1-parri.andrea@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-scsi@vger.kernel.org Check that the packet is of the expected size at least, don't copy data past the packet. Reported-by: Saruhan Karademir Signed-off-by: Andrea Parri (Microsoft) Cc: "James E.J. Bottomley" Cc: "Martin K. Petersen" Cc: linux-scsi@vger.kernel.org Reviewed-by: Dexuan Cui Reviewed-by: Michael Kelley --- drivers/scsi/storvsc_drv.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/scsi/storvsc_drv.c b/drivers/scsi/storvsc_drv.c index 8714355cb63e7..4b8bde2750fac 100644 --- a/drivers/scsi/storvsc_drv.c +++ b/drivers/scsi/storvsc_drv.c @@ -1250,6 +1250,12 @@ static void storvsc_on_channel_callback(void *context) request = (struct storvsc_cmd_request *) ((unsigned long)desc->trans_id); + if (hv_pkt_datalen(desc) < sizeof(struct vstor_packet) - + stor_device->vmscsi_size_delta) { + dev_err(&device->device, "Invalid packet len\n"); + continue; + } + if (request == &stor_device->init_request || request == &stor_device->reset_request) { memcpy(&request->vstor_packet, packet,