scsi: scsi_debug: Fix one-partition tape setup bounds

The tape setup path uses one tape_block entry as the end-of-data marker
after the usable tape blocks. For the one-partition layout, partition 0
uses all TAPE_UNITS data slots and partition 1's marker is written at
tape_blocks[0] + TAPE_UNITS.

Only TAPE_UNITS entries are allocated, so that marker write is one
element past the allocation during device initialization before any
command is issued.

Allocate one extra tape_block entry for the marker. This keeps the
existing partitioning paths unchanged while providing backing storage
for the sentinel.

Assisted-by: Codex:gpt-5.5-cyber-preview
Signed-off-by: Samuel Moelius <sam.moelius@trailofbits.com>
Reviewed-by: Kai Mäkisara <Kai.Makisara@kolumbus.fi>
Link: https://patch.msgid.link/20260604234724.1936118-1-sam.moelius@trailofbits.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c
index a2f85ee1ae577446664a6e6b8d559a00ae4589be..bb6b0e7fb9105a9f5b0cda4fe7ef2be6f6f154f6 100644 (file)
--- a/drivers/scsi/scsi_debug.c
+++ b/drivers/scsi/scsi_debug.c
@@ -6640,7 +6640,7 @@ static int scsi_debug_sdev_configure(struct scsi_device *sdp,
        if (sdebug_ptype == TYPE_TAPE) {
                if (!devip->tape_blocks[0]) {
                        devip->tape_blocks[0] =
-                               kzalloc_objs(struct tape_block, TAPE_UNITS);
+                               kzalloc_objs(struct tape_block, TAPE_UNITS + 1);
                        if (!devip->tape_blocks[0])
                                return 1;
                }