When the discard length is not a multiple of RSXX_HW_BLK_SIZE, the
discard code will get into an infinite loop, even discarding data it is
not supposed to. This will also hang the system.
This can be reproduced by doing an ioctl BLKDISCARD to /dev/rsxx0 with
range from 0 to 1024.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@xxxxxxxxxxxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
---
drivers/block/rsxx/dma.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/drivers/block/rsxx/dma.c b/drivers/block/rsxx/dma.c
index cf8cd29..d105a4a 100644
--- a/drivers/block/rsxx/dma.c
+++ b/drivers/block/rsxx/dma.c
@@ -708,7 +708,9 @@ int rsxx_dma_queue_bio(struct rsxx_cardinfo *card,
if (bio->bi_rw & REQ_DISCARD) {
bv_len = bio->bi_iter.bi_size;
- while (bv_len > 0) {
+ if (bv_len < RSXX_HW_BLK_SIZE)
+ bio_endio(bio, 0);
+ while (bv_len >= RSXX_HW_BLK_SIZE) {
tgt = rsxx_get_dma_tgt(card, addr8);
laddr = rsxx_addr8_to_laddr(addr8, card);
--
1.7.1
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html