From: Dave Chinner <david@fromorbit.com>
To: linux-xfs@vger.kernel.org
Cc: linux-block@vger.kernel.org
Subject: [PATCH] block: fix 32 bit overflow in __blkdev_issue_discard()
Date: Wed, 14 Nov 2018 08:43:37 +1100 [thread overview]
Message-ID: <20181113214337.20581-1-david@fromorbit.com> (raw)
From: Dave Chinner <dchinner@redhat.com>
A discard cleanup merged into 4.20-rc2 causes fstests xfs/259 to
fall into an endless loop in the discard code. The test is creating
a device that is exactly 2^32 sectors in size to test mkfs boundary
conditions around the 32 bit sector overflow region.
mkfs issues a discard for the entire device size by default, and
hence this throws a sector count of 2^32 into
blkdev_issue_discard(). It takes the number of sectors to discard as
a sector_t - a 64 bit value.
The commit ba5d73851e71 ("block: cleanup __blkdev_issue_discard")
takes this sector count and casts it to a 32 bit value before
comapring it against the maximum allowed discard size the device
has. This truncates away the upper 32 bits, and so if the lower 32
bits of the sector count is zero, it starts issuing discards of
length 0. This causes the code to fall into an endless loop, issuing
a zero length discards over and over again on the same sector.
Fixes: ba5d73851e71 ("block: cleanup __blkdev_issue_discard")
Signed-off-by: Dave Chinner <dchinner@redhat.com>
---
block/blk-lib.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/block/blk-lib.c b/block/blk-lib.c
index e8b3bb9bf375..144e156ed341 100644
--- a/block/blk-lib.c
+++ b/block/blk-lib.c
@@ -55,9 +55,12 @@ int __blkdev_issue_discard(struct block_device *bdev, sector_t sector,
return -EINVAL;
while (nr_sects) {
- unsigned int req_sects = min_t(unsigned int, nr_sects,
+ sector_t req_sects = min_t(sector_t, nr_sects,
bio_allowed_max_sectors(q));
+ WARN_ON_ONCE(req_sects == 0);
+ WARN_ON_ONCE((req_sects << 9) > UINT_MAX);
+
bio = blk_next_bio(bio, 0, gfp_mask);
bio->bi_iter.bi_sector = sector;
bio_set_dev(bio, bdev);
--
2.19.1
next reply other threads:[~2018-11-14 7:43 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-13 21:43 Dave Chinner [this message]
2018-11-14 2:36 ` [PATCH] block: fix 32 bit overflow in __blkdev_issue_discard() Darrick J. Wong
2018-11-14 2:53 ` Ming Lei
2018-11-14 8:08 ` Dave Chinner
2018-11-14 8:15 ` Ming Lei
2018-11-14 15:18 ` Jens Axboe
2018-11-15 1:06 ` Ming Lei
2018-11-15 1:22 ` Dave Chinner
2018-11-15 3:10 ` Ming Lei
2018-11-15 22:13 ` Dave Chinner
2018-11-15 22:24 ` Darrick J. Wong
2018-11-16 4:04 ` Dave Chinner
2018-11-16 8:32 ` Christoph Hellwig
2018-11-16 8:46 ` Omar Sandoval
2018-11-16 8:53 ` Christoph Hellwig
2018-11-16 12:06 ` Ming Lei
2018-11-15 1:51 ` Jens Axboe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181113214337.20581-1-david@fromorbit.com \
--to=david@fromorbit.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).