linux/drivers/md
Matthew Mirvish 5a1922adc5 bcache: fix variable length array abuse in btree_iter
[ Upstream commit 3a861560cc ]

btree_iter is used in two ways: either allocated on the stack with a
fixed size MAX_BSETS, or from a mempool with a dynamic size based on the
specific cache set. Previously, the struct had a fixed-length array of
size MAX_BSETS which was indexed out-of-bounds for the dynamically-sized
iterators, which causes UBSAN to complain.

This patch uses the same approach as in bcachefs's sort_iter and splits
the iterator into a btree_iter with a flexible array member and a
btree_iter_stack which embeds a btree_iter as well as a fixed-length
data array.

Cc: stable@vger.kernel.org
Closes: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2039368
Signed-off-by: Matthew Mirvish <matthew@mm12.xyz>
Signed-off-by: Coly Li <colyli@suse.de>
Link: https://lore.kernel.org/r/20240509011117.2697-3-colyli@suse.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-07-05 09:14:36 +02:00
..
bcache bcache: fix variable length array abuse in btree_iter 2024-07-05 09:14:36 +02:00
persistent-data dm space map common: add bounds check to sm_ll_lookup_bitmap() 2022-01-27 11:04:53 +01:00
dm-bio-prison-v1.c
dm-bio-prison-v1.h
dm-bio-prison-v2.c
dm-bio-prison-v2.h
dm-bio-record.h block: store a block_device pointer in struct bio 2021-01-24 18:17:20 -07:00
dm-bufio.c dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size 2021-03-04 14:53:54 -05:00
dm-builtin.c
dm-cache-background-tracker.c
dm-cache-background-tracker.h
dm-cache-block-types.h
dm-cache-metadata.c dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort 2023-01-12 11:58:52 +01:00
dm-cache-metadata.h
dm-cache-policy-internal.h
dm-cache-policy-smq.c dm cache policy smq: ensure IO doesn't prevent cleaner policy progress 2023-08-03 10:22:46 +02:00
dm-cache-policy.c
dm-cache-policy.h
dm-cache-target.c dm cache: add cond_resched() to various workqueue loops 2023-03-10 09:39:55 +01:00
dm-clone-metadata.c dm clone metadata: remove unused function 2021-04-19 13:20:31 -04:00
dm-clone-metadata.h
dm-clone-target.c dm clone: call kmem_cache_destroy() in dm_clone_init() error path 2023-05-11 23:00:40 +09:00
dm-core.h dm: limit the number of targets and parameter size area 2024-02-23 08:55:14 +01:00
dm-crypt.c dm-verity, dm-crypt: align "struct bvec_iter" correctly 2024-03-26 18:21:13 -04:00
dm-delay.c dm-delay: fix a race between delay_presuspend and delay_bio 2023-12-03 07:31:25 +01:00
dm-dust.c dm: update target status functions to support IMA measurement 2021-08-10 13:34:23 -04:00
dm-ebs-target.c - Add DM infrastructure for IMA-based remote attestion. These changes 2021-08-31 14:55:09 -07:00
dm-era-target.c dm era: commit metadata in postsuspend after worker stops 2022-06-29 09:03:20 +02:00
dm-exception-store.c
dm-exception-store.h
dm-flakey.c dm flakey: fix a crash with invalid table line 2023-05-11 23:00:40 +09:00
dm-ima.c integrity-v5.15 2021-09-02 12:51:41 -07:00
dm-ima.h dm ima: add version info to dm related events in ima log 2021-08-20 15:59:47 -04:00
dm-init.c dm init: add dm-mod.waitfor to wait for asynchronously probed block devices 2023-07-23 13:47:51 +02:00
dm-integrity.c dm integrity: fix out-of-range warning 2024-04-10 16:19:36 +02:00
dm-io-tracker.h dm writecache: make writeback pause configurable 2021-06-28 16:30:13 -04:00
dm-io.c block: Add bio_max_segs 2021-02-26 15:49:51 -07:00
dm-ioctl.c dm: limit the number of targets and parameter size area 2024-02-23 08:55:14 +01:00
dm-kcopyd.c dm writecache: have ssd writeback wait if the kcopyd workqueue is busy 2021-06-15 15:42:03 -04:00
dm-linear.c dm: update target status functions to support IMA measurement 2021-08-10 13:34:23 -04:00
dm-log-userspace-base.c dm: update target status functions to support IMA measurement 2021-08-10 13:34:23 -04:00
dm-log-userspace-transfer.c
dm-log-userspace-transfer.h
dm-log-writes.c dm: update target status functions to support IMA measurement 2021-08-10 13:34:23 -04:00
dm-log.c dm mirror log: clear log bits up to BITS_PER_LONG boundary 2022-06-29 09:03:20 +02:00
dm-mpath.c dm ima: update dm target attributes for ima measurements 2021-08-20 16:07:36 -04:00
dm-mpath.h
dm-path-selector.c
dm-path-selector.h
dm-ps-historical-service-time.c dm mpath: only use ktime_get_ns() in historical selector 2022-04-20 09:34:13 +02:00
dm-ps-io-affinity.c dm: update target status functions to support IMA measurement 2021-08-10 13:34:23 -04:00
dm-ps-queue-length.c dm: update target status functions to support IMA measurement 2021-08-10 13:34:23 -04:00
dm-ps-round-robin.c dm: update target status functions to support IMA measurement 2021-08-10 13:34:23 -04:00
dm-ps-service-time.c dm: update target status functions to support IMA measurement 2021-08-10 13:34:23 -04:00
dm-raid1.c dm: update target status functions to support IMA measurement 2021-08-10 13:34:23 -04:00
dm-raid.c dm-raid: fix lockdep waring in "pers->hot_add_disk" 2024-04-10 16:18:39 +02:00
dm-region-hash.c
dm-rq.c dm: requeue IO if mapping table not yet available 2022-04-13 20:59:06 +02:00
dm-rq.h
dm-snap-persistent.c dm: update target status functions to support IMA measurement 2021-08-10 13:34:23 -04:00
dm-snap-transient.c dm: update target status functions to support IMA measurement 2021-08-10 13:34:23 -04:00
dm-snap.c dm snapshot: fix lockup in dm_exception_table_exit 2024-04-10 16:18:44 +02:00
dm-stats.c dm stats: check for and propagate alloc_percpu failure 2023-03-30 12:48:00 +02:00
dm-stats.h dm stats: check for and propagate alloc_percpu failure 2023-03-30 12:48:00 +02:00
dm-stripe.c dm: update target status functions to support IMA measurement 2021-08-10 13:34:23 -04:00
dm-switch.c dm: update target status functions to support IMA measurement 2021-08-10 13:34:23 -04:00
dm-sysfs.c
dm-table.c dm: limit the number of targets and parameter size area 2024-02-23 08:55:14 +01:00
dm-target.c
dm-thin-metadata.c dm thin metadata: check fail_io before using data_sm 2023-06-21 15:59:14 +02:00
dm-thin-metadata.h
dm-thin.c dm thin: fix deadlock when swapping to thin device 2023-03-30 12:47:56 +02:00
dm-uevent.c
dm-uevent.h
dm-unstripe.c dm: update target status functions to support IMA measurement 2021-08-10 13:34:23 -04:00
dm-verity-fec.c dm-verity: align struct dm_verity_fec_io properly 2023-12-08 08:48:01 +01:00
dm-verity-fec.h dm verity fec: fix misaligned RS roots IO 2021-04-14 14:28:29 -04:00
dm-verity-target.c dm verity: don't perform FEC for failed readahead IO 2023-12-08 08:48:01 +01:00
dm-verity-verify-sig.c dm verity: fix require_signatures module_param permissions 2021-05-25 16:14:05 -04:00
dm-verity-verify-sig.h dm verity: Fix compilation warning 2020-08-04 15:48:13 -04:00
dm-verity.h dm-verity, dm-crypt: align "struct bvec_iter" correctly 2024-03-26 18:21:13 -04:00
dm-writecache.c dm writecache: set a default MAX_WRITEBACK_JOBS 2022-08-17 14:24:23 +02:00
dm-zero.c dm: add support for REQ_NOWAIT to various targets 2020-12-04 18:04:35 -05:00
dm-zone.c dm zone: fix dm_revalidate_zones() memory allocation 2021-06-25 15:25:23 -04:00
dm-zoned-metadata.c dm zoned: check zone capacity 2021-06-04 12:07:28 -04:00
dm-zoned-reclaim.c dm kcopyd: avoid useless atomic operations 2021-06-04 12:07:24 -04:00
dm-zoned-target.c dm zoned: free dmz->ddev array in dmz_put_zoned_devices 2023-10-10 21:59:08 +02:00
dm-zoned.h
dm.c dm: call the resume method on internal suspend 2024-03-26 18:21:24 -04:00
dm.h dm: send just one event on resize, not two 2023-03-10 09:40:05 +01:00
Kconfig dm: make EBS depend on !HIGHMEM 2021-08-16 10:50:32 -06:00
Makefile dm ima: measure data on table load 2021-08-10 13:32:40 -04:00
md-autodetect.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
md-bitmap.c md: fix resync softlockup when bitmap size is less than array size 2024-06-16 13:39:17 +02:00
md-bitmap.h
md-cluster.c for-5.11/drivers-2020-12-14 2020-12-16 13:09:32 -08:00
md-cluster.h
md-faulty.c md: mark some personalities as deprecated 2021-06-14 22:32:07 -07:00
md-linear.c md: add error_handlers for raid0 and linear 2023-09-19 12:22:39 +02:00
md-linear.h
md-multipath.c md: mark some personalities as deprecated 2021-06-14 22:32:07 -07:00
md-multipath.h
md.c md: fix kmemleak of rdev->serial 2024-05-17 11:51:06 +02:00
md.h md: add error_handlers for raid0 and linear 2023-09-19 12:22:39 +02:00
raid0.c md: raid0: account for split bio in iostat accounting 2023-09-19 12:22:40 +02:00
raid0.h md/raid0: add discard support for the 'original' layout 2023-07-23 13:47:51 +02:00
raid1-10.c md: drop queue limitation for RAID1 and RAID10 2023-05-11 23:00:29 +09:00
raid1.c md/raid1: fix error: ISO C90 forbids mixed declarations 2023-09-23 11:10:01 +02:00
raid1.h md/raid1: enable io accounting 2021-06-14 22:32:07 -07:00
raid5-cache.c block: rename BIO_MAX_PAGES to BIO_MAX_VECS 2021-03-11 07:47:48 -07:00
raid5-log.h
raid5-ppl.c block: rename BIO_MAX_PAGES to BIO_MAX_VECS 2021-03-11 07:47:48 -07:00
raid5.c md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING 2024-06-16 13:39:56 +02:00
raid5.h md/raid5: let multiple devices of stripe_head share page 2020-09-24 16:44:44 -07:00
raid10.c md/raid10: prevent soft lockup while flush writes 2024-03-01 13:21:55 +01:00
raid10.h md/raid10: enable io accounting 2021-06-14 22:32:07 -07:00