linux-block.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [4.19.y] 32-bit overflow in __blkdev_issue_discard()
@ 2020-01-30 12:10 Konstantin Khlebnikov
  2020-01-30 14:27 ` Greg KH
  0 siblings, 1 reply; 2+ messages in thread
From: Konstantin Khlebnikov @ 2020-01-30 12:10 UTC (permalink / raw)
  To: Stable; +Cc: linux-block, Jens Axboe, Ming Lei, Dmitry Monakhov

Please consider including into 4.19 upstream commits

ba5d73851e71847ba7f7f4c27a1a6e1f5ab91c79
("block: cleanup __blkdev_issue_discard()")

and

4800bf7bc8c725e955fcbc6191cc872f43f506d3
("block: fix 32 bit overflow in __blkdev_issue_discard()")



Overflow of unsigned long "req_sects" (fixed in second patch)
actually exist here much longer.

And 4.19 commit 744889b7cbb56a64f957e65ade7cb65fe3f35714
("block: don't deal with discard limit in blkdev_issue_discard()")
make it worse by replacing

req_sects = min_t(sector_t, nr_sects, q->limits.max_discard_sectors);

with

unsigned int req_sects = nr_sects;


because now discard length isn't cut by max_discard_sectors it easily overflows.
As a result BLKDISCARD fails unexpectedly:

ioctl(3, BLKDISCARD, [0, 0x20000000000])  = -1 EOPNOTSUPP (Operation not supported)

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: [4.19.y] 32-bit overflow in __blkdev_issue_discard()
  2020-01-30 12:10 [4.19.y] 32-bit overflow in __blkdev_issue_discard() Konstantin Khlebnikov
@ 2020-01-30 14:27 ` Greg KH
  0 siblings, 0 replies; 2+ messages in thread
From: Greg KH @ 2020-01-30 14:27 UTC (permalink / raw)
  To: Konstantin Khlebnikov
  Cc: Stable, linux-block, Jens Axboe, Ming Lei, Dmitry Monakhov

On Thu, Jan 30, 2020 at 03:10:42PM +0300, Konstantin Khlebnikov wrote:
> Please consider including into 4.19 upstream commits
> 
> ba5d73851e71847ba7f7f4c27a1a6e1f5ab91c79
> ("block: cleanup __blkdev_issue_discard()")
> 
> and
> 
> 4800bf7bc8c725e955fcbc6191cc872f43f506d3
> ("block: fix 32 bit overflow in __blkdev_issue_discard()")

THis patch does not apply to the 4.19 tree :(

> Overflow of unsigned long "req_sects" (fixed in second patch)
> actually exist here much longer.
> 
> And 4.19 commit 744889b7cbb56a64f957e65ade7cb65fe3f35714
> ("block: don't deal with discard limit in blkdev_issue_discard()")
> make it worse by replacing
> 
> req_sects = min_t(sector_t, nr_sects, q->limits.max_discard_sectors);
> 
> with
> 
> unsigned int req_sects = nr_sects;
> 
> 
> because now discard length isn't cut by max_discard_sectors it easily overflows.
> As a result BLKDISCARD fails unexpectedly:
> 
> ioctl(3, BLKDISCARD, [0, 0x20000000000])  = -1 EOPNOTSUPP (Operation not supported)

I don't understand.  Can you provide backported and working patches for
the 4.19.y series so that I can apply them that way to show exactly what
you have changed here?

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-01-30 14:27 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-30 12:10 [4.19.y] 32-bit overflow in __blkdev_issue_discard() Konstantin Khlebnikov
2020-01-30 14:27 ` Greg KH

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).