Re: [PATCH] bcache: fix BUG_ON due to integer overflow with GC_SECTORS_USED

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Feb 11, 2014 at 10:02:57AM -0800, Darrick J. Wong wrote:
> The BUG_ON at the end of __bch_btree_mark_key can be triggered due to
> an integer overflow error:
> 
> BITMASK(GC_SECTORS_USED, struct bucket, gc_mark, 2, 13);
> ...
> SET_GC_SECTORS_USED(g, min_t(unsigned,
> 	     GC_SECTORS_USED(g) + KEY_SIZE(k),
> 	     (1 << 14) - 1));
> BUG_ON(!GC_SECTORS_USED(g));
> 
> In bcache.h, the SECTORS_USED bitfield is defined to be 13 bits wide.
> While the SET_ code tries to ensure that the field doesn't overflow by
> clamping it to (1<<14)-1 == 16383, this is incorrect because 16383
> requires 14 bits.  Therefore, if GC_SECTORS_USED() + KEY_SIZE() =
> 8192, the SET_ statement tries to store 8192 into a 13-bit field.  In
> a 13-bit field, 8192 becomes zero, thus triggering the BUG_ON.
> 
> Therefore, create a field width constant and a max value constant, and
> use those to create the bitfield and check the inputs to
> SET_GC_SECTORS_USED.  Arguably the BITMASK() template ought to have
> BUG_ON checks for too-large values, but that's a separate patch.
> 
> Signed-off-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
> Signed-off-by: Kent Overstreet <kmo@xxxxxxxxxxxxx>
> ---
> Greg, stable team et. all - can you apply this asap to 3.13? It hasn't hit
> Linus's tree yet (it's on its way via Jens), but multiple users are hitting this
> BUG_ON() and the fix has been tested.

Think about what you just wrote.

Then go read Documentation/stable_kernel_rules.txt.

You should know better...

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-bcache" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux ARM Kernel]     [Linux Filesystem Development]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux