提交 c029a50d 编写于 作者: L Lukas Czerner 提交者: Alex Elder

xfs: fix possible overflow in xfs_ioc_trim()

In xfs_ioc_trim it is possible that computing the last allocation group
to discard might overflow for big start & len values, because the result
might be bigger then xfs_agnumber_t which is 32 bit long. Fix this by not
allowing the start and end block of the range to be beyond the end of the
file system.

Note that if the start is beyond the end of the file system we have to
return -EINVAL, but in the "end" case we have to truncate it to the fs
size.

Also introduce "end" variable, rather than using start+len which which
might be more confusing to get right as this bug shows.
Signed-off-by: NLukas Czerner <lczerner@redhat.com>
Reviewed-by: NChristoph Hellwig <hch@lst.de>
Signed-off-by: NAlex Elder <aelder@sgi.com>
上级 d952e2f8
...@@ -38,7 +38,7 @@ xfs_trim_extents( ...@@ -38,7 +38,7 @@ xfs_trim_extents(
struct xfs_mount *mp, struct xfs_mount *mp,
xfs_agnumber_t agno, xfs_agnumber_t agno,
xfs_fsblock_t start, xfs_fsblock_t start,
xfs_fsblock_t len, xfs_fsblock_t end,
xfs_fsblock_t minlen, xfs_fsblock_t minlen,
__uint64_t *blocks_trimmed) __uint64_t *blocks_trimmed)
{ {
...@@ -100,7 +100,7 @@ xfs_trim_extents( ...@@ -100,7 +100,7 @@ xfs_trim_extents(
* down partially overlapping ranges for now. * down partially overlapping ranges for now.
*/ */
if (XFS_AGB_TO_FSB(mp, agno, fbno) + flen < start || if (XFS_AGB_TO_FSB(mp, agno, fbno) + flen < start ||
XFS_AGB_TO_FSB(mp, agno, fbno) >= start + len) { XFS_AGB_TO_FSB(mp, agno, fbno) > end) {
trace_xfs_discard_exclude(mp, agno, fbno, flen); trace_xfs_discard_exclude(mp, agno, fbno, flen);
goto next_extent; goto next_extent;
} }
...@@ -145,7 +145,7 @@ xfs_ioc_trim( ...@@ -145,7 +145,7 @@ xfs_ioc_trim(
struct request_queue *q = mp->m_ddev_targp->bt_bdev->bd_disk->queue; struct request_queue *q = mp->m_ddev_targp->bt_bdev->bd_disk->queue;
unsigned int granularity = q->limits.discard_granularity; unsigned int granularity = q->limits.discard_granularity;
struct fstrim_range range; struct fstrim_range range;
xfs_fsblock_t start, len, minlen; xfs_fsblock_t start, end, minlen;
xfs_agnumber_t start_agno, end_agno, agno; xfs_agnumber_t start_agno, end_agno, agno;
__uint64_t blocks_trimmed = 0; __uint64_t blocks_trimmed = 0;
int error, last_error = 0; int error, last_error = 0;
...@@ -165,19 +165,19 @@ xfs_ioc_trim( ...@@ -165,19 +165,19 @@ xfs_ioc_trim(
* matter as trimming blocks is an advisory interface. * matter as trimming blocks is an advisory interface.
*/ */
start = XFS_B_TO_FSBT(mp, range.start); start = XFS_B_TO_FSBT(mp, range.start);
len = XFS_B_TO_FSBT(mp, range.len); end = start + XFS_B_TO_FSBT(mp, range.len) - 1;
minlen = XFS_B_TO_FSB(mp, max_t(u64, granularity, range.minlen)); minlen = XFS_B_TO_FSB(mp, max_t(u64, granularity, range.minlen));
start_agno = XFS_FSB_TO_AGNO(mp, start); if (start >= mp->m_sb.sb_dblocks)
if (start_agno >= mp->m_sb.sb_agcount)
return -XFS_ERROR(EINVAL); return -XFS_ERROR(EINVAL);
if (end > mp->m_sb.sb_dblocks - 1)
end = mp->m_sb.sb_dblocks - 1;
end_agno = XFS_FSB_TO_AGNO(mp, start + len); start_agno = XFS_FSB_TO_AGNO(mp, start);
if (end_agno >= mp->m_sb.sb_agcount) end_agno = XFS_FSB_TO_AGNO(mp, end);
end_agno = mp->m_sb.sb_agcount - 1;
for (agno = start_agno; agno <= end_agno; agno++) { for (agno = start_agno; agno <= end_agno; agno++) {
error = -xfs_trim_extents(mp, agno, start, len, minlen, error = -xfs_trim_extents(mp, agno, start, end, minlen,
&blocks_trimmed); &blocks_trimmed);
if (error) if (error)
last_error = error; last_error = error;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册