lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Wed,  6 Oct 2021 00:03:45 -0700
From:   Dexuan Cui <decui@...rosoft.com>
To:     kys@...rosoft.com, sthemmin@...rosoft.com, wei.liu@...nel.org,
        jejb@...ux.ibm.com, martin.petersen@...cle.com,
        haiyangz@...rosoft.com, ming.lei@...hat.com, bvanassche@....org,
        john.garry@...wei.com, linux-scsi@...r.kernel.org,
        linux-hyperv@...r.kernel.org
Cc:     linux-kernel@...r.kernel.org, Dexuan Cui <decui@...rosoft.com>,
        stable@...r.kernel.org
Subject: [PATCH] scsi: storvsc: Cap scsi_driver.can_queue to fix a hang issue during boot

After commit ea2f0f77538c, a 416-CPU VM running on Hyper-V hangs during
boot because scsi_add_host_with_dma() sets shost->cmd_per_lun to a
negative number:
	'max_outstanding_req_per_channel' is 352,
	'max_sub_channels' is (416 - 1) / 4 = 103, so in storvsc_probe(),
scsi_driver.can_queue = 352 * (103 + 1) * (100 - 10) / 100 = 32947, which
is bigger than SHRT_MAX (i.e. 32767).

Fix the hang issue by capping scsi_driver.can_queue.

Add the below Fixed tag though ea2f0f77538c itself is good.

Fixes: ea2f0f77538c ("scsi: core: Cap scsi_host cmd_per_lun at can_queue")
Cc: stable@...r.kernel.org
Signed-off-by: Dexuan Cui <decui@...rosoft.com>
---
 drivers/scsi/storvsc_drv.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/drivers/scsi/storvsc_drv.c b/drivers/scsi/storvsc_drv.c
index ebbbc1299c62..ba374908aec2 100644
--- a/drivers/scsi/storvsc_drv.c
+++ b/drivers/scsi/storvsc_drv.c
@@ -1976,6 +1976,16 @@ static int storvsc_probe(struct hv_device *device,
 				(max_sub_channels + 1) *
 				(100 - ring_avail_percent_lowater) / 100;
 
+	/*
+	 * v5.14 (see commit ea2f0f77538c) implicitly requires that
+	 * scsi_driver.can_queue should not exceed SHRT_MAX, otherwise
+	 * scsi_add_host_with_dma() sets shost->cmd_per_lun to a negative
+	 * number (note: the type of the "cmd_per_lun" field is "short"), and
+	 * the system may hang during early boot.
+	 */
+	if (scsi_driver.can_queue > SHRT_MAX)
+		scsi_driver.can_queue = SHRT_MAX;
+
 	host = scsi_host_alloc(&scsi_driver,
 			       sizeof(struct hv_host_device));
 	if (!host)
-- 
2.17.1

Powered by blists - more mailing lists