author | Linus Torvalds <torvalds@linux-foundation.org> | 2012-12-19 10:18:35 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-12-19 10:18:35 -0500 |
commit | 59771079c18c44e39106f0f30054025acafadb41 (patch) | |
tree | 9463781cf1d6f3055bc87840190cc322b59daa67 /include | |
parent | 752451f01c4567b506bf4343082682dbb8fb30dd (diff) |
blk: avoid divide-by-zero with zero discard granularity

Commit 8dd2cb7e880d ("block: discard granularity might not be power of
2") changed a couple of 'binary and' operations into modulus operations.
Which turned the harmless case of a zero discard_granularity into a
possible divide-by-zero.

The code also had a much more subtle bug: it was doing the modulus of a
value in bytes using 'sector_t'. That was always conceptually wrong,
but didn't actually matter back when the code assumed a power-of-two
granularity: we only looked at the low bits anyway.

But with potentially arbitrary sector numbers, using a 'sector_t' to
express bytes is very very wrong: depending on configuration it limits
the starting offset of the device to just 32 bits, and any overflow
would result in a wrong value if the modulus wasn't a power-of-two.

So re-write the code to not only protect against the divide-by-zero, but
to do the starting sector arithmetic in sectors, and using the proper
types.

[ For any mathematicians out there: it also looks monumentally stupid to
do the 'modulo granularity' operation *twice*, never mind having a "+
granularity" in the second modulus op.

But that's the easiest way to avoid negative values or overflow, and
it is how the original code was done. ]

Reported-by: Ingo Molnar <mingo@kernel.org>
Reported-by: Doug Anderson <dianders@chromium.org>
Cc: Neil Brown <neilb@suse.de>
Cc: Shaohua Li <shli@fusionio.com>
Acked-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
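
The overflow described in the commit message, as an added example that is not part of the commit or the kernel source: a user-space C model of the old and new arithmetic. It assumes a 32-bit `sector_t` (modelled by the hypothetical `sector32_t`), omits the `max_discard_sectors` check, and uses constructed function names and sample values.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption for this model: sector_t is only 32 bits wide. */
typedef uint32_t sector32_t;

/* Pre-fix arithmetic: the byte offset is held in the sector type.
 * Do not call with gran_bytes == 0: that is the divide-by-zero. */
static int old_alignment(sector32_t sector, uint32_t gran_bytes,
                         uint32_t align_bytes)
{
    sector32_t bytes = (sector32_t)(sector << 9); /* wraps at 4 GiB */
    sector32_t rem = bytes % gran_bytes;

    return (int)((gran_bytes + align_bytes - rem) % gran_bytes);
}

/* Post-fix arithmetic: work in sectors, guard the zero granularity. */
static int new_alignment(uint64_t sector, uint32_t gran_bytes,
                         uint32_t align_bytes)
{
    unsigned int alignment = align_bytes >> 9;
    unsigned int granularity = gran_bytes >> 9;
    unsigned int offset;

    if (!granularity)
        return 0;
    offset = (unsigned int)(sector % granularity);
    offset = (granularity + alignment - offset) % granularity;
    return (int)(offset << 9);
}

int main(void)
{
    /* Constructed input: sector 2^23 + 1 starts 512 bytes past 4 GiB. */
    const uint32_t sector = (1u << 23) + 1;

    printf("gran 4096: old=%d new=%d\n",
           old_alignment(sector, 4096, 0), new_alignment(sector, 4096, 0));
    printf("gran 1536: old=%d new=%d\n",
           old_alignment(sector, 1536, 0), new_alignment(sector, 1536, 0));
    printf("gran 0:    new=%d\n", new_alignment(sector, 0, 0));
    return 0;
}
```

With the power-of-two granularity of 4096 bytes the wrapped byte value still gives the same answer from both functions (3584). With 1536 bytes the old arithmetic returns 1024 where the alignment computed in sectors is 0.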
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/blkdev.h | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h index acb4f7bbbd32..f94bc83011ed 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h | |||
@@ -1188,14 +1188,25 @@ static inline int queue_discard_alignment(struct request_queue *q) | |||
1188 | 1188 | ||
1189 | static inline int queue_limit_discard_alignment(struct queue_limits *lim, sector_t sector) | 1189 | static inline int queue_limit_discard_alignment(struct queue_limits *lim, sector_t sector) |
1190 | { | 1190 | { |
1191 | sector_t alignment = sector << 9; | 1191 | unsigned int alignment, granularity, offset; |
1192 | alignment = sector_div(alignment, lim->discard_granularity); | ||
1193 | 1192 | ||
1194 | if (!lim->max_discard_sectors) | 1193 | if (!lim->max_discard_sectors) |
1195 | return 0; | 1194 | return 0; |
1196 | 1195 | ||
1197 | alignment = lim->discard_granularity + lim->discard_alignment - alignment; | 1196 | /* Why are these in bytes, not sectors? */ |
1198 | return sector_div(alignment, lim->discard_granularity); | 1197 | alignment = lim->discard_alignment >> 9; |
1198 | granularity = lim->discard_granularity >> 9; | ||
1199 | if (!granularity) | ||
1200 | return 0; | ||
1201 | |||
1202 | /* Offset of the partition start in 'granularity' sectors */ | ||
1203 | offset = sector_div(sector, granularity); | ||
1204 | |||
1205 | /* And why do we do this modulus *again* in blkdev_issue_discard()? */ | ||
1206 | offset = (granularity + alignment - offset) % granularity; | ||
1207 | |||
1208 | /* Turn it back into bytes, gaah */ | ||
1209 | return offset << 9; | ||
1199 | } | 1210 | } |
1200 | 1211 | ||
1201 | static inline int bdev_discard_alignment(struct block_device *bdev) | 1212 | static inline int bdev_discard_alignment(struct block_device *bdev) |
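Review bot: The `>> 9` conversions of `lim->discard_alignment` and `lim->discard_granularity` (new lines 1197-1198) round down silently, so a non-zero granularity below 512 bytes takes the same `if (!granularity) return 0;` path as a true zero, and any value that is not a multiple of 512 loses its remainder before the modulus. The "Why are these in bytes, not sectors?" comment points at the unit mismatch but does not say whether treating sub-sector values as "no alignment" is intended; a one-line comment stating that, or an explicit check for non-multiples of 512, would make the behaviour reviewable. Also worth a note at the final `return offset << 9;`: the function still returns `int` while the value is computed as `unsigned int`, so correctness relies on the result, which is bounded by the granularity in bytes, fitting in an `int`.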