zbd: avoid zone buffer overrun
author Dmitry Fomichev <dmitry.fomichev@wdc.com>
Wed, 27 Jan 2021 04:19:15 +0000 (13:19 +0900)
committer Jens Axboe <axboe@kernel.dk>
Fri, 29 Jan 2021 15:14:00 +0000 (08:14 -0700)

If the total number of zones on a drive is calculated to a value that
is less than the number of zones it can actually report, zone info
buffer can be overrun. This may happen not only due to drive firmware
problems, but also because of underlying software incorrectly
reporting zoned device capacity.

Fix this by more carefully setting zone report size.

Signed-off-by: Dmitry Fomichev <dmitry.fomichev@wdc.com>
Reviewed-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
zbd.c

diff --git a/zbd.c b/zbd.c
index 019eaf623c5a575d5aaccb5b10f2b5ea150d8646..a3c1ff9a945e809243695e9b3c85284cd7d9c799 100644 (file)
--- a/zbd.c
+++ b/zbd.c
@@ -526,8 +526,9 @@ static int parse_zone_info(struct thread_data *td, struct fio_file *f)
                offset = z->start + z->len;
                if (j >= nr_zones)
                        break;
-               nrz = zbd_report_zones(td, f, offset,
-                                           zones, ZBD_REPORT_MAX_ZONES);
+               nrz = zbd_report_zones(td, f, offset, zones,
+                                      min((uint32_t)(nr_zones - j),
+                                          ZBD_REPORT_MAX_ZONES));
                if (nrz < 0) {
                        ret = nrz;
                        log_info("fio: report zones (offset %llu) failed for %s (%d).\n",
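Review bot: in the new `zbd_report_zones()` call, the `(uint32_t)(nr_zones - j)` cast is only safe because of the `if (j >= nr_zones) break;` check directly above it. If that check is moved or the loop is restructured, the subtraction can go non-positive and the cast turns it into a huge count, which brings back the overrun this patch fixes. Consider computing the remaining count into a named local next to the check, with a one-line comment tying the two together. The commit message says the bad zone count can come from drive firmware or from underlying software, so it would also help to compare the returned `nrz` against the requested count before the contents of `zones` are consumed. The visible lines only handle `nrz < 0`.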