On 26/03/2022 15:24, Mikulas Patocka wrote:
The patch f6f72f32c22c ("dm integrity: don't replay journal data past the
end of the device") skips journal replay if the target sector points
beyond the end of the device. Unfortunatelly, it doesn't set the journal
entry unused, which resulted in this BUG being triggered:
BUG_ON(!journal_entry_is_unused(je))
This patch fixes the crash.
Signed-off-by: Mikulas Patocka <mpatocka@xxxxxxxxxx>
Fixes: f6f72f32c22c ("dm integrity: don't replay journal data past the end of the device")
Cc: stable@xxxxxxxxxxxxxxx # v5.7+
---
drivers/md/dm-integrity.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
Index: linux-dm/drivers/md/dm-integrity.c
===================================================================
--- linux-dm.orig/drivers/md/dm-integrity.c 2022-02-10 18:16:42.000000000 +0100
+++ linux-dm/drivers/md/dm-integrity.c 2022-03-25 18:20:27.000000000 +0100
@@ -2473,9 +2473,11 @@ static void do_journal_write(struct dm_i
dm_integrity_io_error(ic, "invalid sector in journal", -EIO);
sec &= ~(sector_t)(ic->sectors_per_block - 1);
}
+ if (unlikely(sec >= ic->provided_data_sectors)) {
+ journal_entry_set_unused(je);
+ continue;
+ }
}
- if (unlikely(sec >= ic->provided_data_sectors))
- continue;
get_area_and_offset(ic, sec, &area, &offset);
restore_last_bytes(ic, access_journal_data(ic, i, j), je);
for (k = j + 1; k < ic->journal_section_entries; k++) {
If it helps anything,
Tested-by: Milan Broz <gmazyland@xxxxxxxxx>
Mike, please send this to stable ASAP, this is a quite serious bug.
Thanks,
Milan
--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/dm-devel
