bcache: fix BUG_ON due to integer overflow with GC_SECTORS_USED - openslx/kernel-qcow2-linux.git

diff options

author	Darrick J. Wong	2014-01-29 01:57:39 +0100
committer	Kent Overstreet	2014-01-29 22:06:15 +0100
commit	947174476701fbc84ea8c7ec9664270f9d80b076 (patch)
tree	285c85c76652bbdf42ac9adb7a82a662ddc9dd65 /arch/unicore32/kernel
parent	bcache: Fix auxiliary search trees for key size > cacheline size (diff)
download	kernel-qcow2-linux-947174476701fbc84ea8c7ec9664270f9d80b076.tar.gz kernel-qcow2-linux-947174476701fbc84ea8c7ec9664270f9d80b076.tar.xz kernel-qcow2-linux-947174476701fbc84ea8c7ec9664270f9d80b076.zip

bcache: fix BUG_ON due to integer overflow with GC_SECTORS_USED

The BUG_ON at the end of __bch_btree_mark_key can be triggered due to an integer overflow error: BITMASK(GC_SECTORS_USED, struct bucket, gc_mark, 2, 13); ... SET_GC_SECTORS_USED(g, min_t(unsigned, GC_SECTORS_USED(g) + KEY_SIZE(k), (1 << 14) - 1)); BUG_ON(!GC_SECTORS_USED(g)); In bcache.h, the SECTORS_USED bitfield is defined to be 13 bits wide. While the SET_ code tries to ensure that the field doesn't overflow by clamping it to (1<<14)-1 == 16383, this is incorrect because 16383 requires 14 bits. Therefore, if GC_SECTORS_USED() + KEY_SIZE() = 8192, the SET_ statement tries to store 8192 into a 13-bit field. In a 13-bit field, 8192 becomes zero, thus triggering the BUG_ON. Therefore, create a field width constant and a max value constant, and use those to create the bitfield and check the inputs to SET_GC_SECTORS_USED. Arguably the BITMASK() template ought to have BUG_ON checks for too-large values, but that's a separate patch. Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>

Diffstat (limited to 'arch/unicore32/kernel')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: