FAILED: patch "[PATCH] null_blk: Fix zone size initialization" failed to apply to 4.19-stable tree

FAILED: patch "[PATCH] null_blk: Fix zone size initialization" failed to apply to 4.19-stable tree

[gregkh]

The patch below does not apply to the 4.19-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@vger.kernel.org>.

thanks,

greg k-h

------------------ original commit in Linus's tree ------------------

From 0ebcdd702f49aeb0ad2e2d894f8c124a0acc6e23 Mon Sep 17 00:00:00 2001
From: Damien Le Moal <damien.lemoal@wdc.com>
Date: Fri, 20 Nov 2020 10:55:11 +0900
Subject: [PATCH] null_blk: Fix zone size initialization

For a null_blk device with zoned mode enabled is currently initialized
with a number of zones equal to the device capacity divided by the zone
size, without considering if the device capacity is a multiple of the
zone size. If the zone size is not a divisor of the capacity, the zones
end up not covering the entire capacity, potentially resulting is out
of bounds accesses to the zone array.

Fix this by adding one last smaller zone with a size equal to the
remainder of the disk capacity divided by the zone size if the capacity
is not a multiple of the zone size. For such smaller last zone, the zone
capacity is also checked so that it does not exceed the smaller zone
size.

Reported-by: Naohiro Aota <naohiro.aota@wdc.com>
Fixes: ca4b2a011948 ("null_blk: add zone support")
Cc: stable@vger.kernel.org
Signed-off-by: Damien Le Moal <damien.lemoal@wdc.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/drivers/block/null_blk_zoned.c b/drivers/block/null_blk_zoned.c
index beb34b4f76b0..1d0370d91fe7 100644
--- a/drivers/block/null_blk_zoned.c
+++ b/drivers/block/null_blk_zoned.c
@@ -6,8 +6,7 @@
 #define CREATE_TRACE_POINTS
 #include "null_blk_trace.h"
 
-/* zone_size in MBs to sectors. */
-#define ZONE_SIZE_SHIFT		11
+#define MB_TO_SECTS(mb) (((sector_t)mb * SZ_1M) >> SECTOR_SHIFT)
 
 static inline unsigned int null_zone_no(struct nullb_device *dev, sector_t sect)
 {
@@ -16,7 +15,7 @@ static inline unsigned int null_zone_no(struct nullb_device *dev, sector_t sect)
 
 int null_init_zoned_dev(struct nullb_device *dev, struct request_queue *q)
 {
-	sector_t dev_size = (sector_t)dev->size * 1024 * 1024;
+	sector_t dev_capacity_sects, zone_capacity_sects;
 	sector_t sector = 0;
 	unsigned int i;
 
@@ -38,9 +37,13 @@ int null_init_zoned_dev(struct nullb_device *dev, struct request_queue *q)
 		return -EINVAL;
 	}
 
-	dev->zone_size_sects = dev->zone_size << ZONE_SIZE_SHIFT;
-	dev->nr_zones = dev_size >>
-				(SECTOR_SHIFT + ilog2(dev->zone_size_sects));
+	zone_capacity_sects = MB_TO_SECTS(dev->zone_capacity);
+	dev_capacity_sects = MB_TO_SECTS(dev->size);
+	dev->zone_size_sects = MB_TO_SECTS(dev->zone_size);
+	dev->nr_zones = dev_capacity_sects >> ilog2(dev->zone_size_sects);
+	if (dev_capacity_sects & (dev->zone_size_sects - 1))
+		dev->nr_zones++;
+
 	dev->zones = kvmalloc_array(dev->nr_zones, sizeof(struct blk_zone),
 			GFP_KERNEL | __GFP_ZERO);
 	if (!dev->zones)
@@ -101,8 +104,12 @@ int null_init_zoned_dev(struct nullb_device *dev, struct request_queue *q)
 		struct blk_zone *zone = &dev->zones[i];
 
 		zone->start = zone->wp = sector;
-		zone->len = dev->zone_size_sects;
-		zone->capacity = dev->zone_capacity << ZONE_SIZE_SHIFT;
+		if (zone->start + dev->zone_size_sects > dev_capacity_sects)
+			zone->len = dev_capacity_sects - zone->start;
+		else
+			zone->len = dev->zone_size_sects;
+		zone->capacity =
+			min_t(sector_t, zone->len, zone_capacity_sects);
 		zone->type = BLK_ZONE_TYPE_SEQWRITE_REQ;
 		zone->cond = BLK_ZONE_COND_EMPTY;
 

[PATCH] null_blk: Fix zone size initialization

[Damien Le Moal]

commit 0ebcdd702f49aeb0ad2e2d894f8c124a0acc6e23 upstream.

For a null_blk device with zoned mode enabled is currently initialized
with a number of zones equal to the device capacity divided by the zone
size, without considering if the device capacity is a multiple of the
zone size. If the zone size is not a divisor of the capacity, the zones
end up not covering the entire capacity, potentially resulting is out
of bounds accesses to the zone array.

Fix this by adding one last smaller zone with a size equal to the
remainder of the disk capacity divided by the zone size if the capacity
is not a multiple of the zone size. For such smaller last zone, the zone
capacity is also checked so that it does not exceed the smaller zone
size.

Reported-by: Naohiro Aota <naohiro.aota@wdc.com>
Fixes: ca4b2a011948 ("null_blk: add zone support")
Cc: stable@vger.kernel.org
Signed-off-by: Damien Le Moal <damien.lemoal@wdc.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
---
 drivers/block/null_blk_zoned.c | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/drivers/block/null_blk_zoned.c b/drivers/block/null_blk_zoned.c
index 2553e05e0725..5f1376578ea3 100644
--- a/drivers/block/null_blk_zoned.c
+++ b/drivers/block/null_blk_zoned.c
@@ -2,8 +2,7 @@
 #include <linux/vmalloc.h>
 #include "null_blk.h"
 
-/* zone_size in MBs to sectors. */
-#define ZONE_SIZE_SHIFT		11
+#define MB_TO_SECTS(mb) (((sector_t)mb * SZ_1M) >> SECTOR_SHIFT)
 
 static inline unsigned int null_zone_no(struct nullb_device *dev, sector_t sect)
 {
@@ -12,7 +11,7 @@ static inline unsigned int null_zone_no(struct nullb_device *dev, sector_t sect)
 
 int null_zone_init(struct nullb_device *dev)
 {
-	sector_t dev_size = (sector_t)dev->size * 1024 * 1024;
+	sector_t dev_capacity_sects;
 	sector_t sector = 0;
 	unsigned int i;
 
@@ -25,9 +24,12 @@ int null_zone_init(struct nullb_device *dev)
 		return -EINVAL;
 	}
 
-	dev->zone_size_sects = dev->zone_size << ZONE_SIZE_SHIFT;
-	dev->nr_zones = dev_size >>
-				(SECTOR_SHIFT + ilog2(dev->zone_size_sects));
+	dev_capacity_sects = MB_TO_SECTS(dev->size);
+	dev->zone_size_sects = MB_TO_SECTS(dev->zone_size);
+	dev->nr_zones = dev_capacity_sects >> ilog2(dev->zone_size_sects);
+	if (dev_capacity_sects & (dev->zone_size_sects - 1))
+		dev->nr_zones++;
+
 	dev->zones = kvmalloc_array(dev->nr_zones, sizeof(struct blk_zone),
 			GFP_KERNEL | __GFP_ZERO);
 	if (!dev->zones)
@@ -55,7 +57,10 @@ int null_zone_init(struct nullb_device *dev)
 		struct blk_zone *zone = &dev->zones[i];
 
 		zone->start = zone->wp = sector;
-		zone->len = dev->zone_size_sects;
+		if (zone->start + dev->zone_size_sects > dev_capacity_sects)
+			zone->len = dev_capacity_sects - zone->start;
+		else
+			zone->len = dev->zone_size_sects;
 		zone->type = BLK_ZONE_TYPE_SEQWRITE_REQ;
 		zone->cond = BLK_ZONE_COND_EMPTY;
 
-- 
2.29.2

Re: FAILED: patch "[PATCH] null_blk: Fix zone size initialization" failed to apply to 4.19-stable tree

[Damien Le Moal]

On Mon, 2020-12-28 at 12:49 +0100, gregkh@linuxfoundation.org wrote:
> The patch below does not apply to the 4.19-stable tree.
> If someone wants it applied there, or to any other stable or longterm
> tree, then please email the backport, including the original git commit
> id to <stable@vger.kernel.org>.
> 
> thanks,
> 
> greg k-h

Hi Greg,

I sent a backported patch for 4.19-stable in reply to your email. The backport
is identical to the one I sent separately for the 5.4-stable tree.

Thanks.


> 
> ------------------ original commit in Linus's tree ------------------
> 
> From 0ebcdd702f49aeb0ad2e2d894f8c124a0acc6e23 Mon Sep 17 00:00:00 2001
> From: Damien Le Moal <damien.lemoal@wdc.com>
> Date: Fri, 20 Nov 2020 10:55:11 +0900
> Subject: [PATCH] null_blk: Fix zone size initialization
> 
> For a null_blk device with zoned mode enabled is currently initialized
> with a number of zones equal to the device capacity divided by the zone
> size, without considering if the device capacity is a multiple of the
> zone size. If the zone size is not a divisor of the capacity, the zones
> end up not covering the entire capacity, potentially resulting is out
> of bounds accesses to the zone array.
> 
> Fix this by adding one last smaller zone with a size equal to the
> remainder of the disk capacity divided by the zone size if the capacity
> is not a multiple of the zone size. For such smaller last zone, the zone
> capacity is also checked so that it does not exceed the smaller zone
> size.
> 
> Reported-by: Naohiro Aota <naohiro.aota@wdc.com>
> Fixes: ca4b2a011948 ("null_blk: add zone support")
> Cc: stable@vger.kernel.org
> Signed-off-by: Damien Le Moal <damien.lemoal@wdc.com>
> Reviewed-by: Christoph Hellwig <hch@lst.de>
> Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
> Signed-off-by: Jens Axboe <axboe@kernel.dk>
> 
> diff --git a/drivers/block/null_blk_zoned.c b/drivers/block/null_blk_zoned.c
> index beb34b4f76b0..1d0370d91fe7 100644
> --- a/drivers/block/null_blk_zoned.c
> +++ b/drivers/block/null_blk_zoned.c
> @@ -6,8 +6,7 @@
>  #define CREATE_TRACE_POINTS
>  #include "null_blk_trace.h"
>  
> 
> 
> 
> -/* zone_size in MBs to sectors. */
> -#define ZONE_SIZE_SHIFT		11
> +#define MB_TO_SECTS(mb) (((sector_t)mb * SZ_1M) >> SECTOR_SHIFT)
>  
> 
> 
> 
>  static inline unsigned int null_zone_no(struct nullb_device *dev, sector_t sect)
>  {
> @@ -16,7 +15,7 @@ static inline unsigned int null_zone_no(struct nullb_device *dev, sector_t sect)
>  
> 
> 
> 
>  int null_init_zoned_dev(struct nullb_device *dev, struct request_queue *q)
>  {
> -	sector_t dev_size = (sector_t)dev->size * 1024 * 1024;
> +	sector_t dev_capacity_sects, zone_capacity_sects;
>  	sector_t sector = 0;
>  	unsigned int i;
>  
> 
> 
> 
> @@ -38,9 +37,13 @@ int null_init_zoned_dev(struct nullb_device *dev, struct request_queue *q)
>  		return -EINVAL;
>  	}
>  
> 
> 
> 
> -	dev->zone_size_sects = dev->zone_size << ZONE_SIZE_SHIFT;
> -	dev->nr_zones = dev_size >>
> -				(SECTOR_SHIFT + ilog2(dev->zone_size_sects));
> +	zone_capacity_sects = MB_TO_SECTS(dev->zone_capacity);
> +	dev_capacity_sects = MB_TO_SECTS(dev->size);
> +	dev->zone_size_sects = MB_TO_SECTS(dev->zone_size);
> +	dev->nr_zones = dev_capacity_sects >> ilog2(dev->zone_size_sects);
> +	if (dev_capacity_sects & (dev->zone_size_sects - 1))
> +		dev->nr_zones++;
> +
>  	dev->zones = kvmalloc_array(dev->nr_zones, sizeof(struct blk_zone),
>  			GFP_KERNEL | __GFP_ZERO);
>  	if (!dev->zones)
> @@ -101,8 +104,12 @@ int null_init_zoned_dev(struct nullb_device *dev, struct request_queue *q)
>  		struct blk_zone *zone = &dev->zones[i];
>  
> 
> 
> 
>  		zone->start = zone->wp = sector;
> -		zone->len = dev->zone_size_sects;
> -		zone->capacity = dev->zone_capacity << ZONE_SIZE_SHIFT;
> +		if (zone->start + dev->zone_size_sects > dev_capacity_sects)
> +			zone->len = dev_capacity_sects - zone->start;
> +		else
> +			zone->len = dev->zone_size_sects;
> +		zone->capacity =
> +			min_t(sector_t, zone->len, zone_capacity_sects);
>  		zone->type = BLK_ZONE_TYPE_SEQWRITE_REQ;
>  		zone->cond = BLK_ZONE_COND_EMPTY;
>  
> 
> 
> 
> 

-- 
Damien Le Moal
Western Digital

Re: FAILED: patch "[PATCH] null_blk: Fix zone size initialization" failed to apply to 4.19-stable tree

[gregkh]

On Mon, Jan 04, 2021 at 06:14:41AM +0000, Damien Le Moal wrote:
> On Mon, 2020-12-28 at 12:49 +0100, gregkh@linuxfoundation.org wrote:
> > The patch below does not apply to the 4.19-stable tree.
> > If someone wants it applied there, or to any other stable or longterm
> > tree, then please email the backport, including the original git commit
> > id to <stable@vger.kernel.org>.
> > 
> > thanks,
> > 
> > greg k-h
> 
> Hi Greg,
> 
> I sent a backported patch for 4.19-stable in reply to your email. The backport
> is identical to the one I sent separately for the 5.4-stable tree.

It breaks the build:

drivers/block/null_blk_zoned.c: In function ‘null_zone_init’:
drivers/block/null_blk_zoned.c:5:42: error: ‘SZ_1M’ undeclared (first use in this function)
    5 | #define MB_TO_SECTS(mb) (((sector_t)mb * SZ_1M) >> SECTOR_SHIFT)
      |                                          ^~~~~
drivers/block/null_blk_zoned.c:27:23: note: in expansion of macro ‘MB_TO_SECTS’
   27 |  dev_capacity_sects = MB_TO_SECTS(dev->size);
      |                       ^~~~~~~~~~~
drivers/block/null_blk_zoned.c:5:42: note: each undeclared identifier is reported only once for each function it appears in
    5 | #define MB_TO_SECTS(mb) (((sector_t)mb * SZ_1M) >> SECTOR_SHIFT)
      |                                          ^~~~~
drivers/block/null_blk_zoned.c:27:23: note: in expansion of macro ‘MB_TO_SECTS’
   27 |  dev_capacity_sects = MB_TO_SECTS(dev->size);
      |                       ^~~~~~~~~~~

:(

Re: FAILED: patch "[PATCH] null_blk: Fix zone size initialization" failed to apply to 4.19-stable tree

[Damien Le Moal]

On 2021/01/04 19:51, gregkh@linuxfoundation.org wrote:
> On Mon, Jan 04, 2021 at 06:14:41AM +0000, Damien Le Moal wrote:
>> On Mon, 2020-12-28 at 12:49 +0100, gregkh@linuxfoundation.org wrote:
>>> The patch below does not apply to the 4.19-stable tree.
>>> If someone wants it applied there, or to any other stable or longterm
>>> tree, then please email the backport, including the original git commit
>>> id to <stable@vger.kernel.org>.
>>>
>>> thanks,
>>>
>>> greg k-h
>>
>> Hi Greg,
>>
>> I sent a backported patch for 4.19-stable in reply to your email. The backport
>> is identical to the one I sent separately for the 5.4-stable tree.
> 
> It breaks the build:
> 
> drivers/block/null_blk_zoned.c: In function ‘null_zone_init’:
> drivers/block/null_blk_zoned.c:5:42: error: ‘SZ_1M’ undeclared (first use in this function)
>     5 | #define MB_TO_SECTS(mb) (((sector_t)mb * SZ_1M) >> SECTOR_SHIFT)
>       |                                          ^~~~~
> drivers/block/null_blk_zoned.c:27:23: note: in expansion of macro ‘MB_TO_SECTS’
>    27 |  dev_capacity_sects = MB_TO_SECTS(dev->size);
>       |                       ^~~~~~~~~~~
> drivers/block/null_blk_zoned.c:5:42: note: each undeclared identifier is reported only once for each function it appears in
>     5 | #define MB_TO_SECTS(mb) (((sector_t)mb * SZ_1M) >> SECTOR_SHIFT)
>       |                                          ^~~~~
> drivers/block/null_blk_zoned.c:27:23: note: in expansion of macro ‘MB_TO_SECTS’
>    27 |  dev_capacity_sects = MB_TO_SECTS(dev->size);
>       |                       ^~~~~~~~~~~
> 
> :(
> 
> 

Oops. Looks like I screwed up something with my tests. Sorry about that. Let me
resend that.

-- 
Damien Le Moal
Western Digital Research

[PATCH] null_blk: Fix zone size initialization

[Damien Le Moal]

commit 0ebcdd702f49aeb0ad2e2d894f8c124a0acc6e23 upstream.

For a null_blk device with zoned mode enabled is currently initialized
with a number of zones equal to the device capacity divided by the zone
size, without considering if the device capacity is a multiple of the
zone size. If the zone size is not a divisor of the capacity, the zones
end up not covering the entire capacity, potentially resulting is out
of bounds accesses to the zone array.

Fix this by adding one last smaller zone with a size equal to the
remainder of the disk capacity divided by the zone size if the capacity
is not a multiple of the zone size. For such smaller last zone, the zone
capacity is also checked so that it does not exceed the smaller zone
size.

Reported-by: Naohiro Aota <naohiro.aota@wdc.com>
Fixes: ca4b2a011948 ("null_blk: add zone support")
Cc: stable@vger.kernel.org
Signed-off-by: Damien Le Moal <damien.lemoal@wdc.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
---
 drivers/block/null_blk_zoned.c | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/drivers/block/null_blk_zoned.c b/drivers/block/null_blk_zoned.c
index d1725ac636c0..079ed33fd806 100644
--- a/drivers/block/null_blk_zoned.c
+++ b/drivers/block/null_blk_zoned.c
@@ -1,9 +1,9 @@
 // SPDX-License-Identifier: GPL-2.0
 #include <linux/vmalloc.h>
+#include <linux/sizes.h>
 #include "null_blk.h"
 
-/* zone_size in MBs to sectors. */
-#define ZONE_SIZE_SHIFT		11
+#define MB_TO_SECTS(mb) (((sector_t)mb * SZ_1M) >> SECTOR_SHIFT)
 
 static inline unsigned int null_zone_no(struct nullb_device *dev, sector_t sect)
 {
@@ -12,7 +12,7 @@ static inline unsigned int null_zone_no(struct nullb_device *dev, sector_t sect)
 
 int null_zone_init(struct nullb_device *dev)
 {
-	sector_t dev_size = (sector_t)dev->size * 1024 * 1024;
+	sector_t dev_capacity_sects;
 	sector_t sector = 0;
 	unsigned int i;
 
@@ -25,9 +25,12 @@ int null_zone_init(struct nullb_device *dev)
 		return -EINVAL;
 	}
 
-	dev->zone_size_sects = dev->zone_size << ZONE_SIZE_SHIFT;
-	dev->nr_zones = dev_size >>
-				(SECTOR_SHIFT + ilog2(dev->zone_size_sects));
+	dev_capacity_sects = MB_TO_SECTS(dev->size);
+	dev->zone_size_sects = MB_TO_SECTS(dev->zone_size);
+	dev->nr_zones = dev_capacity_sects >> ilog2(dev->zone_size_sects);
+	if (dev_capacity_sects & (dev->zone_size_sects - 1))
+		dev->nr_zones++;
+
 	dev->zones = kvmalloc_array(dev->nr_zones, sizeof(struct blk_zone),
 			GFP_KERNEL | __GFP_ZERO);
 	if (!dev->zones)
@@ -37,7 +40,10 @@ int null_zone_init(struct nullb_device *dev)
 		struct blk_zone *zone = &dev->zones[i];
 
 		zone->start = zone->wp = sector;
-		zone->len = dev->zone_size_sects;
+		if (zone->start + dev->zone_size_sects > dev_capacity_sects)
+			zone->len = dev_capacity_sects - zone->start;
+		else
+			zone->len = dev->zone_size_sects;
 		zone->type = BLK_ZONE_TYPE_SEQWRITE_REQ;
 		zone->cond = BLK_ZONE_COND_EMPTY;
 
-- 
2.29.2

Re: FAILED: patch "[PATCH] null_blk: Fix zone size initialization" failed to apply to 4.19-stable tree

[Damien Le Moal]

On 2021/01/04 19:51, gregkh@linuxfoundation.org wrote:
> On Mon, Jan 04, 2021 at 06:14:41AM +0000, Damien Le Moal wrote:
>> On Mon, 2020-12-28 at 12:49 +0100, gregkh@linuxfoundation.org wrote:
>>> The patch below does not apply to the 4.19-stable tree.
>>> If someone wants it applied there, or to any other stable or longterm
>>> tree, then please email the backport, including the original git commit
>>> id to <stable@vger.kernel.org>.
>>>
>>> thanks,
>>>
>>> greg k-h
>>
>> Hi Greg,
>>
>> I sent a backported patch for 4.19-stable in reply to your email. The backport
>> is identical to the one I sent separately for the 5.4-stable tree.
> 
> It breaks the build:
> 
> drivers/block/null_blk_zoned.c: In function ‘null_zone_init’:
> drivers/block/null_blk_zoned.c:5:42: error: ‘SZ_1M’ undeclared (first use in this function)
>     5 | #define MB_TO_SECTS(mb) (((sector_t)mb * SZ_1M) >> SECTOR_SHIFT)
>       |                                          ^~~~~
> drivers/block/null_blk_zoned.c:27:23: note: in expansion of macro ‘MB_TO_SECTS’
>    27 |  dev_capacity_sects = MB_TO_SECTS(dev->size);
>       |                       ^~~~~~~~~~~
> drivers/block/null_blk_zoned.c:5:42: note: each undeclared identifier is reported only once for each function it appears in
>     5 | #define MB_TO_SECTS(mb) (((sector_t)mb * SZ_1M) >> SECTOR_SHIFT)
>       |                                          ^~~~~
> drivers/block/null_blk_zoned.c:27:23: note: in expansion of macro ‘MB_TO_SECTS’
>    27 |  dev_capacity_sects = MB_TO_SECTS(dev->size);
>       |                       ^~~~~~~~~~~
> 
> :(

Unclear where I made a mistake before sending this. It was missing an include.
I sent the proper patch, correctly tested this time, in reply to the above email.

Thanks !


-- 
Damien Le Moal
Western Digital Research

Re: [PATCH] null_blk: Fix zone size initialization

[Greg Kroah-Hartman]

On Mon, Jan 04, 2021 at 09:11:47PM +0900, Damien Le Moal wrote:
> commit 0ebcdd702f49aeb0ad2e2d894f8c124a0acc6e23 upstream.
> 
> For a null_blk device with zoned mode enabled is currently initialized
> with a number of zones equal to the device capacity divided by the zone
> size, without considering if the device capacity is a multiple of the
> zone size. If the zone size is not a divisor of the capacity, the zones
> end up not covering the entire capacity, potentially resulting is out
> of bounds accesses to the zone array.
> 
> Fix this by adding one last smaller zone with a size equal to the
> remainder of the disk capacity divided by the zone size if the capacity
> is not a multiple of the zone size. For such smaller last zone, the zone
> capacity is also checked so that it does not exceed the smaller zone
> size.
> 
> Reported-by: Naohiro Aota <naohiro.aota@wdc.com>
> Fixes: ca4b2a011948 ("null_blk: add zone support")
> Cc: stable@vger.kernel.org
> Signed-off-by: Damien Le Moal <damien.lemoal@wdc.com>
> Reviewed-by: Christoph Hellwig <hch@lst.de>
> Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
> Signed-off-by: Jens Axboe <axboe@kernel.dk>
> ---
>  drivers/block/null_blk_zoned.c | 20 +++++++++++++-------
>  1 file changed, 13 insertions(+), 7 deletions(-)

That worked, thanks!

greg k-h

Re: [PATCH] null_blk: Fix zone size initialization

[Greg Kroah-Hartman]

On Mon, Jan 04, 2021 at 03:10:44PM +0900, Damien Le Moal wrote:
> commit 0ebcdd702f49aeb0ad2e2d894f8c124a0acc6e23 upstream.
> 
> For a null_blk device with zoned mode enabled is currently initialized
> with a number of zones equal to the device capacity divided by the zone
> size, without considering if the device capacity is a multiple of the
> zone size. If the zone size is not a divisor of the capacity, the zones
> end up not covering the entire capacity, potentially resulting is out
> of bounds accesses to the zone array.
> 
> Fix this by adding one last smaller zone with a size equal to the
> remainder of the disk capacity divided by the zone size if the capacity
> is not a multiple of the zone size. For such smaller last zone, the zone
> capacity is also checked so that it does not exceed the smaller zone
> size.

Now queued up, thanks.

greg k-h

[PATCH] null_blk: Fix zone size initialization

[Damien Le Moal]

commit 0ebcdd702f49aeb0ad2e2d894f8c124a0acc6e23 upstream.

For a null_blk device with zoned mode enabled is currently initialized
with a number of zones equal to the device capacity divided by the zone
size, without considering if the device capacity is a multiple of the
zone size. If the zone size is not a divisor of the capacity, the zones
end up not covering the entire capacity, potentially resulting is out
of bounds accesses to the zone array.

Fix this by adding one last smaller zone with a size equal to the
remainder of the disk capacity divided by the zone size if the capacity
is not a multiple of the zone size. For such smaller last zone, the zone
capacity is also checked so that it does not exceed the smaller zone
size.

Reported-by: Naohiro Aota <naohiro.aota@wdc.com>
Fixes: ca4b2a011948 ("null_blk: add zone support")
Cc: stable@vger.kernel.org
Signed-off-by: Damien Le Moal <damien.lemoal@wdc.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
---
 drivers/block/null_blk_zoned.c | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/drivers/block/null_blk_zoned.c b/drivers/block/null_blk_zoned.c
index 2553e05e0725..5f1376578ea3 100644
--- a/drivers/block/null_blk_zoned.c
+++ b/drivers/block/null_blk_zoned.c
@@ -2,8 +2,7 @@
 #include <linux/vmalloc.h>
 #include "null_blk.h"
 
-/* zone_size in MBs to sectors. */
-#define ZONE_SIZE_SHIFT		11
+#define MB_TO_SECTS(mb) (((sector_t)mb * SZ_1M) >> SECTOR_SHIFT)
 
 static inline unsigned int null_zone_no(struct nullb_device *dev, sector_t sect)
 {
@@ -12,7 +11,7 @@ static inline unsigned int null_zone_no(struct nullb_device *dev, sector_t sect)
 
 int null_zone_init(struct nullb_device *dev)
 {
-	sector_t dev_size = (sector_t)dev->size * 1024 * 1024;
+	sector_t dev_capacity_sects;
 	sector_t sector = 0;
 	unsigned int i;
 
@@ -25,9 +24,12 @@ int null_zone_init(struct nullb_device *dev)
 		return -EINVAL;
 	}
 
-	dev->zone_size_sects = dev->zone_size << ZONE_SIZE_SHIFT;
-	dev->nr_zones = dev_size >>
-				(SECTOR_SHIFT + ilog2(dev->zone_size_sects));
+	dev_capacity_sects = MB_TO_SECTS(dev->size);
+	dev->zone_size_sects = MB_TO_SECTS(dev->zone_size);
+	dev->nr_zones = dev_capacity_sects >> ilog2(dev->zone_size_sects);
+	if (dev_capacity_sects & (dev->zone_size_sects - 1))
+		dev->nr_zones++;
+
 	dev->zones = kvmalloc_array(dev->nr_zones, sizeof(struct blk_zone),
 			GFP_KERNEL | __GFP_ZERO);
 	if (!dev->zones)
@@ -55,7 +57,10 @@ int null_zone_init(struct nullb_device *dev)
 		struct blk_zone *zone = &dev->zones[i];
 
 		zone->start = zone->wp = sector;
-		zone->len = dev->zone_size_sects;
+		if (zone->start + dev->zone_size_sects > dev_capacity_sects)
+			zone->len = dev_capacity_sects - zone->start;
+		else
+			zone->len = dev->zone_size_sects;
 		zone->type = BLK_ZONE_TYPE_SEQWRITE_REQ;
 		zone->cond = BLK_ZONE_COND_EMPTY;
 
-- 
2.29.2