2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-21 11:44:01 +08:00
linux-next/drivers/md
Darrick J. Wong 9471744767 bcache: fix BUG_ON due to integer overflow with GC_SECTORS_USED
The BUG_ON at the end of __bch_btree_mark_key can be triggered due to
an integer overflow error:

BITMASK(GC_SECTORS_USED, struct bucket, gc_mark, 2, 13);
...
SET_GC_SECTORS_USED(g, min_t(unsigned,
	     GC_SECTORS_USED(g) + KEY_SIZE(k),
	     (1 << 14) - 1));
BUG_ON(!GC_SECTORS_USED(g));

In bcache.h, the SECTORS_USED bitfield is defined to be 13 bits wide.
While the SET_ code tries to ensure that the field doesn't overflow by
clamping it to (1<<14)-1 == 16383, this is incorrect because 16383
requires 14 bits.  Therefore, if GC_SECTORS_USED() + KEY_SIZE() =
8192, the SET_ statement tries to store 8192 into a 13-bit field.  In
a 13-bit field, 8192 becomes zero, thus triggering the BUG_ON.

Therefore, create a field width constant and a max value constant, and
use those to create the bitfield and check the inputs to
SET_GC_SECTORS_USED.  Arguably the BITMASK() template ought to have
BUG_ON checks for too-large values, but that's a separate patch.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
2014-01-29 13:06:15 -08:00
..
bcache bcache: fix BUG_ON due to integer overflow with GC_SECTORS_USED 2014-01-29 13:06:15 -08:00
persistent-data dm array: fix a reference counting bug in shadow_ablock 2013-12-13 14:22:10 -05:00
bitmap.c sysfs: clean up sysfs_get_dirent() 2013-09-26 15:33:18 -07:00
bitmap.h md/bitmap: record the space available for the bitmap in the superblock. 2012-05-22 13:55:34 +10:00
dm-bio-prison.c dm: add cache target 2013-03-01 22:45:51 +00:00
dm-bio-prison.h dm: add cache target 2013-03-01 22:45:51 +00:00
dm-bio-record.h dm: Refactor for new bio cloning/splitting 2013-11-23 22:33:55 -08:00
dm-bufio.c Linux 3.13-rc6 2013-12-31 09:51:02 -07:00
dm-bufio.h dm bufio: prefetch 2012-03-28 18:41:29 +01:00
dm-cache-block-types.h dm: add cache target 2013-03-01 22:45:51 +00:00
dm-cache-metadata.c dm cache metadata: check the metadata version when reading the superblock 2013-11-11 11:37:49 -05:00
dm-cache-metadata.h dm cache: add passthrough mode 2013-11-11 11:37:49 -05:00
dm-cache-policy-cleaner.c dm cache: policy change version from string to integer set 2013-03-20 17:21:27 +00:00
dm-cache-policy-internal.h dm cache: add remove_cblock method to policy interface 2013-11-11 11:37:50 -05:00
dm-cache-policy-mq.c Linux 3.13-rc6 2013-12-31 09:51:02 -07:00
dm-cache-policy.c dm cache: return -EINVAL if the user specifies unknown cache policy 2013-11-09 18:20:18 -05:00
dm-cache-policy.h dm cache: add remove_cblock method to policy interface 2013-11-11 11:37:50 -05:00
dm-cache-target.c Linux 3.13-rc6 2013-12-31 09:51:02 -07:00
dm-crypt.c block: Convert drivers to immutable biovecs 2013-11-23 22:33:51 -08:00
dm-delay.c Linux 3.13-rc6 2013-12-31 09:51:02 -07:00
dm-exception-store.c dm: replace simple_strtoul 2012-07-27 15:07:59 +01:00
dm-exception-store.h dm snapshot: test chunk size against both origin and snapshot 2010-08-12 04:13:51 +01:00
dm-flakey.c block: Abstract out bvec iterator 2013-11-23 22:33:47 -08:00
dm-io.c block: Convert drivers to immutable biovecs 2013-11-23 22:33:51 -08:00
dm-ioctl.c dm: allow remove to be deferred 2013-11-09 18:20:22 -05:00
dm-kcopyd.c dm: stop using WQ_NON_REENTRANT 2013-08-23 09:02:13 -04:00
dm-linear.c block: Abstract out bvec iterator 2013-11-23 22:33:47 -08:00
dm-log-userspace-base.c Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
dm-log-userspace-transfer.c connector/userns: replace netlink uses of cap_raised() with capable() 2012-05-10 23:21:39 -04:00
dm-log-userspace-transfer.h
dm-log.c dm: use memweight() 2012-07-30 17:25:16 -07:00
dm-mpath.c dm mpath: requeue I/O during pg_init 2013-11-05 11:20:34 -05:00
dm-mpath.h
dm-path-selector.c md: Add module.h to all files using it implicitly 2011-10-31 19:31:18 -04:00
dm-path-selector.h
dm-queue-length.c dm: reject trailing characters in sccanf input 2012-03-28 18:41:26 +01:00
dm-raid1.c block: Convert drivers to immutable biovecs 2013-11-23 22:33:51 -08:00
dm-raid.c MD: Remember the last sync operation that was performed 2013-06-26 12:38:24 +10:00
dm-region-hash.c block: Abstract out bvec iterator 2013-11-23 22:33:47 -08:00
dm-round-robin.c dm: reject trailing characters in sccanf input 2012-03-28 18:41:26 +01:00
dm-service-time.c dm: reject trailing characters in sccanf input 2012-03-28 18:41:26 +01:00
dm-snap-persistent.c dm snapshot: fix data corruption 2013-10-16 03:17:47 +01:00
dm-snap-transient.c md: Add in export.h for files using EXPORT_SYMBOL 2011-10-31 19:31:19 -04:00
dm-snap.c Linux 3.13-rc6 2013-12-31 09:51:02 -07:00
dm-stats.c dm stats: initialize read-only module parameter 2013-12-10 19:13:21 -05:00
dm-stats.h dm: add statistics support 2013-09-05 20:46:06 -04:00
dm-stripe.c block: Abstract out bvec iterator 2013-11-23 22:33:47 -08:00
dm-switch.c block: Abstract out bvec iterator 2013-11-23 22:33:47 -08:00
dm-sysfs.c
dm-table.c dm table: fail dm_table_create on dm_round_up overflow 2013-12-10 16:34:27 -05:00
dm-target.c dm: allow error target to replace bio-based and request-based targets 2013-09-05 20:46:05 -04:00
dm-thin-metadata.c dm thin: allow pool in read-only mode to transition to read-write mode 2013-12-10 16:35:13 -05:00
dm-thin-metadata.h dm thin: allow pool in read-only mode to transition to read-write mode 2013-12-10 16:35:13 -05:00
dm-thin.c Linux 3.13-rc6 2013-12-31 09:51:02 -07:00
dm-uevent.c md: Add in export.h for files using EXPORT_SYMBOL 2011-10-31 19:31:19 -04:00
dm-uevent.h
dm-verity.c block: Generic bio chaining 2013-11-23 22:33:56 -08:00
dm-zero.c dm: rename request variables to bios 2013-03-01 22:45:47 +00:00
dm.c dm: Refactor for new bio cloning/splitting 2013-11-23 22:33:55 -08:00
dm.h dm: allow remove to be deferred 2013-11-09 18:20:22 -05:00
faulty.c block: Abstract out bvec iterator 2013-11-23 22:33:47 -08:00
Kconfig dm: fix Kconfig menu indentation 2013-11-09 18:20:22 -05:00
linear.c block: Introduce new bio_split() 2013-11-23 22:33:57 -08:00
linear.h md/linear: typedef removal: linear_conf_t -> struct linear_conf 2011-10-11 16:48:54 +11:00
Makefile dm: add statistics support 2013-09-05 20:46:06 -04:00
md.c Linux 3.13-rc6 2013-12-31 09:51:02 -07:00
md.h Merge branch 'for-3.13/core' of git://git.kernel.dk/linux-block 2013-11-14 12:08:14 +09:00
multipath.c block: Abstract out bvec iterator 2013-11-23 22:33:47 -08:00
multipath.h md/multipath: typedef removal: multipath_conf_t -> struct mpconf 2011-10-11 16:48:57 +11:00
raid0.c block: Introduce new bio_split() 2013-11-23 22:33:57 -08:00
raid0.h md: add proper merge_bvec handling to RAID0 and Linear. 2012-03-19 12:46:39 +11:00
raid1.c block: Abstract out bvec iterator 2013-11-23 22:33:47 -08:00
raid1.h raid1: Rewrite the implementation of iobarrier. 2013-11-19 15:19:18 +11:00
raid5.c bcache/md: Use raid stripe size 2014-01-08 13:05:09 -08:00
raid5.h md update for 3.13. 2013-11-20 13:05:25 -08:00
raid10.c block: Introduce new bio_split() 2013-11-23 22:33:57 -08:00
raid10.h MD RAID10: Improve redundancy for 'far' and 'offset' algorithms (part 1) 2013-02-26 11:55:30 +11:00