On Mon, 2020-12-28 at 12:49 +0100, gregkh@xxxxxxxxxxxxxxxxxxx wrote:
> The patch below does not apply to the 5.4-stable tree.
> If someone wants it applied there, or to any other stable or longterm
> tree, then please email the backport, including the original git commit
> id to <stable@xxxxxxxxxxxxxxx>.
>
> thanks,
>
> greg k-h
Hi Greg,
I sent a back-ported patch for 5.4-stable in reply to your email.
Thanks.
>
> ------------------ original commit in Linus's tree ------------------
>
> From 0ebcdd702f49aeb0ad2e2d894f8c124a0acc6e23 Mon Sep 17 00:00:00 2001
> From: Damien Le Moal <damien.lemoal@xxxxxxx>
> Date: Fri, 20 Nov 2020 10:55:11 +0900
> Subject: [PATCH] null_blk: Fix zone size initialization
>
> For a null_blk device with zoned mode enabled is currently initialized
> with a number of zones equal to the device capacity divided by the zone
> size, without considering if the device capacity is a multiple of the
> zone size. If the zone size is not a divisor of the capacity, the zones
> end up not covering the entire capacity, potentially resulting is out
> of bounds accesses to the zone array.
>
> Fix this by adding one last smaller zone with a size equal to the
> remainder of the disk capacity divided by the zone size if the capacity
> is not a multiple of the zone size. For such smaller last zone, the zone
> capacity is also checked so that it does not exceed the smaller zone
> size.
>
> Reported-by: Naohiro Aota <naohiro.aota@xxxxxxx>
> Fixes: ca4b2a011948 ("null_blk: add zone support")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Damien Le Moal <damien.lemoal@xxxxxxx>
> Reviewed-by: Christoph Hellwig <hch@xxxxxx>
> Reviewed-by: Johannes Thumshirn <johannes.thumshirn@xxxxxxx>
> Signed-off-by: Jens Axboe <axboe@xxxxxxxxx>
>
> diff --git a/drivers/block/null_blk_zoned.c b/drivers/block/null_blk_zoned.c
> index beb34b4f76b0..1d0370d91fe7 100644
> --- a/drivers/block/null_blk_zoned.c
> +++ b/drivers/block/null_blk_zoned.c
> @@ -6,8 +6,7 @@
> #define CREATE_TRACE_POINTS
> #include "null_blk_trace.h"
>
>
>
>
> -/* zone_size in MBs to sectors. */
> -#define ZONE_SIZE_SHIFT 11
> +#define MB_TO_SECTS(mb) (((sector_t)mb * SZ_1M) >> SECTOR_SHIFT)
>
>
>
>
> static inline unsigned int null_zone_no(struct nullb_device *dev, sector_t sect)
> {
> @@ -16,7 +15,7 @@ static inline unsigned int null_zone_no(struct nullb_device *dev, sector_t sect)
>
>
>
>
> int null_init_zoned_dev(struct nullb_device *dev, struct request_queue *q)
> {
> - sector_t dev_size = (sector_t)dev->size * 1024 * 1024;
> + sector_t dev_capacity_sects, zone_capacity_sects;
> sector_t sector = 0;
> unsigned int i;
>
>
>
>
> @@ -38,9 +37,13 @@ int null_init_zoned_dev(struct nullb_device *dev, struct request_queue *q)
> return -EINVAL;
> }
>
>
>
>
> - dev->zone_size_sects = dev->zone_size << ZONE_SIZE_SHIFT;
> - dev->nr_zones = dev_size >>
> - (SECTOR_SHIFT + ilog2(dev->zone_size_sects));
> + zone_capacity_sects = MB_TO_SECTS(dev->zone_capacity);
> + dev_capacity_sects = MB_TO_SECTS(dev->size);
> + dev->zone_size_sects = MB_TO_SECTS(dev->zone_size);
> + dev->nr_zones = dev_capacity_sects >> ilog2(dev->zone_size_sects);
> + if (dev_capacity_sects & (dev->zone_size_sects - 1))
> + dev->nr_zones++;
> +
> dev->zones = kvmalloc_array(dev->nr_zones, sizeof(struct blk_zone),
> GFP_KERNEL | __GFP_ZERO);
> if (!dev->zones)
> @@ -101,8 +104,12 @@ int null_init_zoned_dev(struct nullb_device *dev, struct request_queue *q)
> struct blk_zone *zone = &dev->zones[i];
>
>
>
>
> zone->start = zone->wp = sector;
> - zone->len = dev->zone_size_sects;
> - zone->capacity = dev->zone_capacity << ZONE_SIZE_SHIFT;
> + if (zone->start + dev->zone_size_sects > dev_capacity_sects)
> + zone->len = dev_capacity_sects - zone->start;
> + else
> + zone->len = dev->zone_size_sects;
> + zone->capacity =
> + min_t(sector_t, zone->len, zone_capacity_sects);
> zone->type = BLK_ZONE_TYPE_SEQWRITE_REQ;
> zone->cond = BLK_ZONE_COND_EMPTY;
>
>
>
>
>
--
Damien Le Moal
Western Digital
