diff mbox series

[5.10,070/104] dm snapshot: fix a crash when an origin has no snapshots

Message ID 20210524152335.174655194@linuxfoundation.org
State Superseded
Headers show
Series None | expand

Commit Message

Greg Kroah-Hartman May 24, 2021, 3:26 p.m. UTC 
From: Mikulas Patocka <mpatocka@redhat.com>

commit 7ee06ddc4038f936b0d4459d37a7d4d844fb03db upstream.

If an origin target has no snapshots, o->split_boundary is set to 0.
This causes BUG_ON(sectors <= 0) in block/bio.c:bio_split().

Fix this by initializing chunk_size, and in turn split_boundary, to
rounddown_pow_of_two(UINT_MAX) -- the largest power of two that fits
into "unsigned" type.

Reported-by: Michael Tokarev <mjt@tls.msk.ru>
Tested-by: Michael Tokarev <mjt@tls.msk.ru>
Cc: stable@vger.kernel.org
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/md/dm-snap.c |    5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

Comments

Mikulas Patocka May 25, 2021, 11:36 a.m. UTC | #1 
Hi Greg

I'd like to ask you to drop this patch from all stable branches.

It causes regression with snapshot merging and the regression is much 
worse than the bug that it fixes.

Mikulas



On Mon, 24 May 2021, Greg Kroah-Hartman wrote:

> From: Mikulas Patocka <mpatocka@redhat.com>
> 
> commit 7ee06ddc4038f936b0d4459d37a7d4d844fb03db upstream.
> 
> If an origin target has no snapshots, o->split_boundary is set to 0.
> This causes BUG_ON(sectors <= 0) in block/bio.c:bio_split().
> 
> Fix this by initializing chunk_size, and in turn split_boundary, to
> rounddown_pow_of_two(UINT_MAX) -- the largest power of two that fits
> into "unsigned" type.
> 
> Reported-by: Michael Tokarev <mjt@tls.msk.ru>
> Tested-by: Michael Tokarev <mjt@tls.msk.ru>
> Cc: stable@vger.kernel.org
> Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
> Signed-off-by: Mike Snitzer <snitzer@redhat.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
>  drivers/md/dm-snap.c |    5 ++---
>  1 file changed, 2 insertions(+), 3 deletions(-)
> 
> --- a/drivers/md/dm-snap.c
> +++ b/drivers/md/dm-snap.c
> @@ -854,12 +854,11 @@ static int dm_add_exception(void *contex
>  static uint32_t __minimum_chunk_size(struct origin *o)
>  {
>  	struct dm_snapshot *snap;
> -	unsigned chunk_size = 0;
> +	unsigned chunk_size = rounddown_pow_of_two(UINT_MAX);
>  
>  	if (o)
>  		list_for_each_entry(snap, &o->snapshots, list)
> -			chunk_size = min_not_zero(chunk_size,
> -						  snap->store->chunk_size);
> +			chunk_size = min(chunk_size, snap->store->chunk_size);
>  
>  	return (uint32_t) chunk_size;
>  }
> 
>
diff mbox series

Patch

--- a/drivers/md/dm-snap.c
+++ b/drivers/md/dm-snap.c
@@ -854,12 +854,11 @@  static int dm_add_exception(void *contex
 static uint32_t __minimum_chunk_size(struct origin *o)
 {
 	struct dm_snapshot *snap;
-	unsigned chunk_size = 0;
+	unsigned chunk_size = rounddown_pow_of_two(UINT_MAX);
 
 	if (o)
 		list_for_each_entry(snap, &o->snapshots, list)
-			chunk_size = min_not_zero(chunk_size,
-						  snap->store->chunk_size);
+			chunk_size = min(chunk_size, snap->store->chunk_size);
 
 	return (uint32_t) chunk_size;
 }