linux-block.vger.kernel.org archive mirror
From: Naohiro Aota <Naohiro.Aota@wdc.com>
To: Damien Le Moal <Damien.LeMoal@wdc.com>
Cc: "dsterba@suse.cz" <dsterba@suse.cz>,
	"linux-btrfs@vger.kernel.org" <linux-btrfs@vger.kernel.org>,
	"linux-block@vger.kernel.org" <linux-block@vger.kernel.org>,
	Jens Axboe <axboe@kernel.dk>, David Sterba <dsterba@suse.com>,
	Chaitanya Kulkarni <Chaitanya.Kulkarni@wdc.com>
Subject: Re: [PATCH 1/3] block: fix arg type of bio_trim()
Date: Fri, 9 Jul 2021 04:53:24 +0000
Message-ID: <20210709045323.ndywpydaiu5j4bzx@naota-xeon>
In-Reply-To: <DM6PR04MB70816886A482C04EE21D2C5EE7189@DM6PR04MB7081.namprd04.prod.outlook.com>

On Fri, Jul 09, 2021 at 12:42:04AM +0000, Damien Le Moal wrote:
> On 2021/07/09 0:00, David Sterba wrote:
> > On Thu, Jul 08, 2021 at 10:10:55PM +0900, Naohiro Aota wrote:
> >> From: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
> >>
> >> The function bio_trim has offset and size arguments that are declared
> >> as int.
> >>
> >> The callers of this function use sector_t type when passing the offset
> >> and size e.g. drivers/md/raid1.c:narrow_write_error() and
> >> drivers/md/raid1.c:narrow_write_error().
> >>
> >> Change offset & size arguments to sector_t type for bio_trim().
> >>
> >> Tested-by: Naohiro Aota <naohiro.aota@wdc.com>
> >> Signed-off-by: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
> >> ---
> >>  block/bio.c         | 2 +-
> >>  include/linux/bio.h | 2 +-
> >>  2 files changed, 2 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/block/bio.c b/block/bio.c
> >> index 44205dfb6b60..d342ce84f6cf 100644
> >> --- a/block/bio.c
> >> +++ b/block/bio.c
> >> @@ -1465,7 +1465,7 @@ EXPORT_SYMBOL(bio_split);
> >>   * @offset:	number of sectors to trim from the front of @bio
> >>   * @size:	size we want to trim @bio to, in sectors
> >>   */
> >> -void bio_trim(struct bio *bio, int offset, int size)
> >> +void bio_trim(struct bio *bio, sector_t offset, sector_t size)
> > 
> > sector_t seems to be the right one, there are << 9 in the function so
> > that could lead to some bugs if the offset and size are at the boundary.
> 
> Need to add an overflow check:
> 
> size <<= 9;
> ...
> bio->bi_iter.bi_size = size;
> 
> bi_size is "unsigned int" so if "size << 9" is larger than UINT_MAX, things will
> break in ugly ways. And since trim is a hint to the device, in case of overflow,
> the BIO size should probably simply be set to 0, with a WARN_ON signaling it.

I'll add the following (fixed) WARN_ON to check it.

# I thought I could use ASSERT everywhere but actually it's from
# btrfs...

This function is not about TRIM command, but to trim a bio. So the
size overflow is invalid.

> Note that the potential overflow already exists with the current code as the BIO
> size can be less than requested or 0 if size <<9 overflows the int type...

Ah, yeah. So the sanity check (with comment style fix) should be like this.

diff --git a/block/bio.c b/block/bio.c
index d342ce84f6cf..3fb2f1d7bb69 100644
--- a/block/bio.c
+++ b/block/bio.c
@@ -1467,10 +1467,18 @@ EXPORT_SYMBOL(bio_split);
  */
 void bio_trim(struct bio *bio, sector_t offset, sector_t size)
 {
-	/* 'bio' is a cloned bio which we need to trim to match
-	 * the given offset and size.
+	const sector_t uint_max_sectors = UINT_MAX << SECTOR_SHIFT;
+
+	/*
+	 * 'bio' is a cloned bio which we need to trim to match the given
+	 * offset and size.
 	 */
 
+	/* sanity check */
+	if (WARN_ON(offset > uint_max_sectors && size > uint_max_sectors) ||
+	    WARN_ON(offset + size > bio->bi_iter.bi_size))
+		return;
+
 	size <<= 9;
 	if (offset == 0 && size == bio->bi_iter.bi_size)
 		return;
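
Review bot: the bound on the first + line is shifted the wrong way.
UINT_MAX << SECTOR_SHIFT is evaluated in unsigned int, so the high bits
are lost before the value is widened to sector_t, and the limit that is
wanted here (the largest sector count whose byte length fits in bi_size)
is UINT_MAX >> SECTOR_SHIFT. In the first WARN_ON the two comparisons
are joined with &&, so the check fires only when both offset and size
are out of range; it should be ||. The second WARN_ON compares
offset + size, which is in sectors, against bio->bi_iter.bi_size, which
the context lines "size <<= 9" and "size == bio->bi_iter.bi_size" show
is in bytes; shift the sum before comparing, or compare against
bi_size >> SECTOR_SHIFT.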

> > 
> >>  {
> >>  	/* 'bio' is a cloned bio which we need to trim to match
> >>  	 * the given offset and size.
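
Review bot: the kernel-doc context lines for @offset and @size above the
new signature still give no upper bound, although both arguments now
accept a full sector_t. As the replies above point out, the body shifts
size left by 9 and stores it in bi_size, which is an unsigned int, so
the comment should state the largest sector count that is accepted and
what the function does when a caller exceeds it.
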
> >> diff --git a/include/linux/bio.h b/include/linux/bio.h
> >> index a0b4cfdf62a4..fb663152521e 100644
> >> --- a/include/linux/bio.h
> >> +++ b/include/linux/bio.h
> >> @@ -379,7 +379,7 @@ static inline void bip_set_seed(struct bio_integrity_payload *bip,
> >>  
> >>  #endif /* CONFIG_BLK_DEV_INTEGRITY */
> >>  
> >> -extern void bio_trim(struct bio *bio, int offset, int size);
> >> +void bio_trim(struct bio *bio, sector_t offset, sector_t size);
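
Review bot: on the + line the prototype moves from int to sector_t,
which is unsigned, so a caller that still computes offset or size in a
signed int is converted implicitly and a negative value arrives as a
very large sector count, with no compiler diagnostic at default warning
levels. The call sites should be checked as part of this change, and the
commit message should say which ones were audited.
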
> > 
> > You may want to keep the extern for consistency in that file, though
> > it's not necessary for the prototype.
> > 
> > The patch is simple I can take it through the btrfs tree with the other
> > fixes unless there are objections.
> > 
> 
> 
> -- 
> Damien Le Moal
> Western Digital Research
