On Tue, Oct 10 2017, Shaohua Li wrote:
> From: Shaohua Li <shli@xxxxxx>
>
> If PAGE_SIZE is bigger than 4k, we could read out of the disk boundary. Limit
> the read size to the end of disk. Write path already has similar limitation.
>
> Fix: 8031c3ddc70a(md/bitmap: copy correct data for bitmap super)
> Reported-by: Joshua Kinard <kumba@xxxxxxxxxx>
> Tested-by: Joshua Kinard <kumba@xxxxxxxxxx>
> Cc: Song Liu <songliubraving@xxxxxx>
> Signed-off-by: Shaohua Li <shli@xxxxxx>
Given that this bug was introduced by
Commit: 8031c3ddc70a ("md/bitmap: copy correct data for bitmap super")
and that patch is markted:
Cc: stable@xxxxxxxxxxxxxxx (4.10+)
I think this patch should be tagged "CC: stable" too.
However ... that earlier patch looks strange to me.
Why is it that "raid5 cache could write bitmap superblock before bitmap superblock is
initialized." Can we just get raid5 cache *not* to write the bitmap
superblock too early?
I think that would better than breaking code that previously worked.
We really need to stop assuming that PAGE_SIZE is 4K. I'm probably as
guilty as anyone else, but it would be good to stop.
Thanks,
NeilBrown
> ---
> drivers/md/bitmap.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/md/bitmap.c b/drivers/md/bitmap.c
> index d2121637b4ab..f68ec973fbdd 100644
> --- a/drivers/md/bitmap.c
> +++ b/drivers/md/bitmap.c
> @@ -153,6 +153,7 @@ static int read_sb_page(struct mddev *mddev, loff_t offset,
>
> struct md_rdev *rdev;
> sector_t target;
> + int target_size;
>
> rdev_for_each(rdev, mddev) {
> if (! test_bit(In_sync, &rdev->flags)
> @@ -161,9 +162,12 @@ static int read_sb_page(struct mddev *mddev, loff_t offset,
> continue;
>
> target = offset + index * (PAGE_SIZE/512);
> + target_size = min_t(u64, size, i_size_read(rdev->bdev->bd_inode) -
> + ((target + rdev->sb_start) << 9));
> + target_size = roundup(target_size,
> + bdev_logical_block_size(rdev->bdev));
>
> - if (sync_page_io(rdev, target,
> - roundup(size, bdev_logical_block_size(rdev->bdev)),
> + if (sync_page_io(rdev, target, target_size,
> page, REQ_OP_READ, 0, true)) {
> page->index = index;
> return 0;
> --
> 2.11.0
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-raid" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
Attachment:
signature.asc
Description: PGP signature
