Re: [PATCH 1/3] block: fix arg type of bio_trim()
From: Naohiro Aota <Naohiro.Aota@wdc.com>
Date: 2021-07-09 04:53:36
Also in: linux-btrfs
Subsystem: block layer, the rest · Maintainers: Jens Axboe, Linus Torvalds
On Fri, Jul 09, 2021 at 12:42:04AM +0000, Damien Le Moal wrote:
On 2021/07/09 0:00, David Sterba wrote:
On Thu, Jul 08, 2021 at 10:10:55PM +0900, Naohiro Aota wrote:
From: Chaitanya Kulkarni <redacted> The function bio_trim has offset and size arguments that are declared as int. The callers of this function uses sector_t type when passing the offset and size e,g. drivers/md/raid1.c:narrow_write_error() and drivers/md/raid1.c:narrow_write_error(). Change offset & size arguments to sector_t type for bio_trim(). Tested-by: Naohiro Aota <naohiro.aota@wdc.com> Signed-off-by: Chaitanya Kulkarni <redacted> --- block/bio.c | 2 +- include/linux/bio.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)diff --git a/block/bio.c b/block/bio.c index 44205dfb6b60..d342ce84f6cf 100644 --- a/block/bio.c +++ b/block/bio.c@@ -1465,7 +1465,7 @@ EXPORT_SYMBOL(bio_split); * @offset: number of sectors to trim from the front of @bio * @size: size we want to trim @bio to, in sectors */ -void bio_trim(struct bio *bio, int offset, int size) +void bio_trim(struct bio *bio, sector_t offset, sector_t size)sectort_t seems to be the right one, there are << 9 in the function so that could lead to some bugs if the offset and size are at the boundary.Need to add an overflow check: size <<= 9; ... bio->bi_iter.bi_size = size; bi_size is "unsigned int" so if "size << 9" is larger than UINT_MAX, things will break in ugly ways. And since trim is a hint to the device, in case of overflow, the BIO size should probably simply be set to 0, with a WARN_ON signaling it.
I'll add the following (fixed) WARN_ON to check it.

# I thought I could use ASSERT everywhere but actually it's from
# btrfs...

This function is not about TRIM command, but to trim a bio. So the size overflow is invalid.
Note that the potential overflow already exists with the current code as the BIO size can be less than requested or 0 if size <<9 overflows the int type...
Ah, yeah. So the sanity check (with comment style fix) should be like this.
diff --git a/block/bio.c b/block/bio.c
index d342ce84f6cf..3fb2f1d7bb69 100644
--- a/block/bio.c
+++ b/block/bio.c@@ -1467,10 +1467,18 @@ EXPORT_SYMBOL(bio_split); */ void bio_trim(struct bio *bio, sector_t offset, sector_t size) { - /* 'bio' is a cloned bio which we need to trim to match - * the given offset and size. + const sector_t uint_max_sectors = UINT_MAX << SECTOR_SHIFT; + + /* + * 'bio' is a cloned bio which we need to trim to match the given + * offset and size. */ + /* sanity check */ + if (WARN_ON(offset > uint_max_sectors && size > uint_max_sectors) || + WARN_ON(offset + size > bio->bi_iter.bi_size)) + return; + size <<= 9; if (offset == 0 && size == bio->bi_iter.bi_size) return;
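Review bot: the overflow test in the added `if` does not catch the case it is meant to catch. `uint_max_sectors` is built as `UINT_MAX << SECTOR_SHIFT`, which is evaluated in unsigned int and is not a sector limit; the largest sector count whose `<< 9` still fits in bi_size is `UINT_MAX >> SECTOR_SHIFT`. The two comparisons are joined with `&&`, so a request with only one of offset or size out of range passes; `||` is needed. The second WARN_ON compares `offset + size`, in sectors, with `bio->bi_iter.bi_size`, which the following `size <<= 9` and `size == bio->bi_iter.bi_size` lines treat as bytes, so one side has to be converted before comparing. Minor: the `/* sanity check */` comment could say what is being bounded, and `size <<= 9` could use SECTOR_SHIFT now that the hunk introduces it.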
{ /* 'bio' is a cloned bio which we need to trim to match * the given offset and size.diff --git a/include/linux/bio.h b/include/linux/bio.h index a0b4cfdf62a4..fb663152521e 100644 --- a/include/linux/bio.h +++ b/include/linux/bio.h@@ -379,7 +379,7 @@ static inline void bip_set_seed(struct bio_integrity_payload *bip, #endif /* CONFIG_BLK_DEV_INTEGRITY */ -extern void bio_trim(struct bio *bio, int offset, int size); +void bio_trim(struct bio *bio, sector_t offset, sector_t size);You may want to keep the extern for consistency in that file, though it's not necessary for the prototype. The patch is simple I can take it through the btrfs tree with the other fixes unless there are objections.-- Damien Le Moal Western Digital Research
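Review bot: in the block/bio.c hunk the signature widens `offset` and `size` to sector_t, but nothing in the hunk bounds them and the kernel-doc lines for `@offset` and `@size` do not state a valid range. As the replies point out, the body shifts by 9 and stores the result in an unsigned int bi_size, so the range check should land in the same patch or the limit should be documented in the kernel-doc. The commit message also cites drivers/md/raid1.c:narrow_write_error() twice as the example caller; the second reference looks like it was meant to name a different caller.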
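The truncation discussed in this thread, as a userspace model (an added example, not code from the patch or the kernel). It assumes a 64-bit `sector_t` and a 32-bit `unsigned int`; `stored_bi_size`, `posted_check_rejects` and `strict_check_rejects` are hypothetical names, and the stricter variant is one possible form of the check, not the version that was merged.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SECTOR_SHIFT 9          /* 512-byte sectors, as in the thread */
typedef uint64_t sector_t;      /* assumption: 64-bit sector_t */

/* Models "size <<= 9; bio->bi_iter.bi_size = size;" with an unsigned int bi_size. */
static unsigned int stored_bi_size(sector_t size)
{
	return (unsigned int)(size << SECTOR_SHIFT);    /* high bits silently dropped */
}

/* The sanity check as posted: returns true when the request would be rejected. */
static bool posted_check_rejects(sector_t offset, sector_t size, unsigned int bi_size)
{
	const sector_t uint_max_sectors = UINT_MAX << SECTOR_SHIFT; /* wraps to 0xFFFFFE00 */

	return (offset > uint_max_sectors && size > uint_max_sectors) ||
	       offset + size > bi_size;                 /* sectors compared with bytes */
}

/* Hypothetical stricter variant: limit in sectors, either argument may trip it,
 * and the bio length is converted to sectors before the comparison. */
static bool strict_check_rejects(sector_t offset, sector_t size, unsigned int bi_size)
{
	const sector_t max_sectors = UINT_MAX >> SECTOR_SHIFT;

	return offset > max_sectors || size > max_sectors ||
	       offset + size > (bi_size >> SECTOR_SHIFT);
}

int main(void)
{
	const sector_t four_gib = (sector_t)1 << 23;    /* constructed: 2^23 sectors = 4 GiB */
	const unsigned int big_bio = 0xFFFFFE00u;       /* constructed: largest aligned bi_size */

	printf("bi_size stored for 2^23 sectors: %u\n", stored_bi_size(four_gib));
	printf("posted check rejects 4 GiB trim: %d\n", posted_check_rejects(0, four_gib, big_bio));
	printf("strict check rejects 4 GiB trim: %d\n", strict_check_rejects(0, four_gib, big_bio));
	/* constructed: 8-sector bio (4096 bytes) asked to keep 100 sectors */
	printf("posted check rejects oversize:   %d\n", posted_check_rejects(0, 100, 4096));
	printf("strict check rejects oversize:   %d\n", strict_check_rejects(0, 100, 4096));
	return 0;
}
```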