From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Ming-Hung Tsai <mtsai@redhat.com>,
Joe Thornber <thornber@redhat.com>,
Mike Snitzer <snitzer@kernel.org>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.4 04/91] dm array: fix cursor index when skipping across block boundaries
Date: Thu, 30 Jan 2025 15:00:23 +0100 [thread overview]
Message-ID: <20250130140133.849020544@linuxfoundation.org> (raw)
In-Reply-To: <20250130140133.662535583@linuxfoundation.org>
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ming-Hung Tsai <mtsai@redhat.com>
[ Upstream commit 0bb1968da2737ba68fd63857d1af2b301a18d3bf ]
dm_array_cursor_skip() seeks to the target position by loading array
blocks iteratively until the specified number of entries to skip is
reached. When seeking across block boundaries, it uses
dm_array_cursor_next() to step into the next block.
dm_array_cursor_skip() must first move the cursor index to the end
of the current block; otherwise, the cursor position could incorrectly
remain in the same block, causing the actual number of skipped entries
to be much smaller than expected.
This bug affects cache resizing in v2 metadata and could lead to data
loss if the fast device is shrunk during the first-time resume. For
example:
1. create a cache metadata consists of 32768 blocks, with a dirty block
assigned to the second bitmap block. cache_restore v1.0 is required.
cat <<EOF >> cmeta.xml
<superblock uuid="" block_size="64" nr_cache_blocks="32768" \
policy="smq" hint_width="4">
<mappings>
<mapping cache_block="32767" origin_block="0" dirty="true"/>
</mappings>
</superblock>
EOF
dmsetup create cmeta --table "0 8192 linear /dev/sdc 0"
cache_restore -i cmeta.xml -o /dev/mapper/cmeta --metadata-version=2
2. bring up the cache while attempt to discard all the blocks belonging
to the second bitmap block (block# 32576 to 32767). The last command
is expected to fail, but it actually succeeds.
dmsetup create cdata --table "0 2084864 linear /dev/sdc 8192"
dmsetup create corig --table "0 65536 linear /dev/sdc 2105344"
dmsetup create cache --table "0 65536 cache /dev/mapper/cmeta \
/dev/mapper/cdata /dev/mapper/corig 64 2 metadata2 writeback smq \
2 migration_threshold 0"
In addition to the reproducer described above, this fix can be
verified using the "array_cursor/skip" tests in dm-unit:
dm-unit run /pdata/array_cursor/skip/ --kernel-dir <KERNEL_DIR>
Signed-off-by: Ming-Hung Tsai <mtsai@redhat.com>
Fixes: 9b696229aa7d ("dm persistent data: add cursor skip functions to the cursor APIs")
Reviewed-by: Joe Thornber <thornber@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/persistent-data/dm-array.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/md/persistent-data/dm-array.c b/drivers/md/persistent-data/dm-array.c
index f97de343a398..4d434d89eadd 100644
--- a/drivers/md/persistent-data/dm-array.c
+++ b/drivers/md/persistent-data/dm-array.c
@@ -993,6 +993,7 @@ int dm_array_cursor_skip(struct dm_array_cursor *c, uint32_t count)
}
count -= remaining;
+ c->index += (remaining - 1);
r = dm_array_cursor_next(c);
} while (!r);
--
2.39.5
next prev parent reply other threads:[~2025-01-30 14:17 UTC|newest]
Thread overview: 97+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-30 14:00 [PATCH 5.4 00/91] 5.4.290-rc1 review Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 01/91] jbd2: flush filesystem device before updating tail sequence Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 02/91] dm array: fix releasing a faulty array block twice in dm_array_cursor_end Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 03/91] dm array: fix unreleased btree blocks on closing a faulty array cursor Greg Kroah-Hartman
2025-01-30 14:00 ` Greg Kroah-Hartman [this message]
2025-01-30 14:00 ` [PATCH 5.4 05/91] ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 06/91] net: 802: LLC+SNAP OID:PID lookup on start of skb data Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 07/91] tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 08/91] tcp/dccp: allow a connection when sk_max_ack_backlog is zero Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 09/91] net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 10/91] tls: Fix tls_sw_sendmsg error handling Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 11/91] dm thin: make get_first_thin use rcu-safe list first function Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 12/91] sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 13/91] sctp: sysctl: auth_enable: " Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 14/91] drm/amd/display: Add check for granularity in dml ceil/floor helpers Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 15/91] ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 16/91] ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 17/91] drm/amd/display: increase MAX_SURFACES to the value supported by hw Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 18/91] USB: serial: option: add MeiG Smart SRM815 Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 19/91] USB: serial: option: add Neoway N723-EA support Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 20/91] staging: iio: ad9834: Correct phase range check Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 21/91] staging: iio: ad9832: " Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 22/91] usb-storage: Add max sectors quirk for Nokia 208 Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 23/91] USB: serial: cp210x: add Phoenix Contact UPS Device Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 24/91] usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 25/91] USB: usblp: return error when setting unsupported protocol Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 26/91] USB: core: Disable LPM only for non-suspended ports Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 27/91] usb: fix reference leak in usb_new_device() Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 28/91] usb: gadget: f_fs: Remove WARN_ON in functionfs_bind Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 29/91] iio: pressure: zpa2326: fix information leak in triggered buffer Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 30/91] iio: dummy: iio_simply_dummy_buffer: " Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 31/91] iio: light: vcnl4035: " Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 32/91] iio: imu: kmx61: " Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 33/91] iio: adc: ti-ads8688: " Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 34/91] iio: gyro: fxas21002c: Fix missing data update in trigger handler Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 35/91] iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 36/91] iio: adc: at91: call input_free_device() on allocated iio_dev Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 37/91] iio: inkern: call iio_device_put() only on mapped devices Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 38/91] arm64: dts: rockchip: fix defines in pd_vio node for rk3399 Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 39/91] arm64: dts: rockchip: fix pd_tcpc0 and pd_tcpc1 node position on rk3399 Greg Kroah-Hartman
2025-01-30 14:00 ` [PATCH 5.4 40/91] arm64: dts: rockchip: add #power-domain-cells to power domain nodes Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 41/91] arm64: dts: rockchip: add hevc power domain clock to rk3328 Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 42/91] phy: core: fix code style in devm_of_phy_provider_unregister Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 43/91] phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 44/91] ocfs2: correct return value of ocfs2_local_free_info() Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 45/91] ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 46/91] sctp: sysctl: rto_min/max: avoid using current->nsproxy Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 47/91] riscv: abstract out CSR names for supervisor vs machine mode Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 48/91] riscv: remove unused handle_exception symbol Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 49/91] RISC-V: Avoid dereferening NULL regs in die() Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 50/91] riscv: Avoid enabling interrupts " Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 51/91] riscv: Fix sleeping in invalid context " Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 52/91] riscv: prefix IRQ_ macro names with an RV_ namespace Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 53/91] RISC-V: Dont enable all interrupts in trap_init() Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 54/91] net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field() Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 55/91] net: net_namespace: Optimize the code Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 56/91] net: add exit_batch_rtnl() method Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 57/91] gtp: use " Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 58/91] gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 59/91] gtp: Destroy device along with udp sockets netns dismantle Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 60/91] nfp: bpf: prevent integer overflow in nfp_bpf_event_output() Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 61/91] drm/v3d: Ensure job pointer is set to NULL after job completion Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 62/91] i2c: mux: demux-pinctrl: check initial mux selection, too Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 63/91] mac802154: check local interfaces before deleting sdata list Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 64/91] hfs: Sanity check the root record Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 65/91] kheaders: Ignore silly-rename files Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 66/91] poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll() Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 67/91] nvmet: propagate npwg topology Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 68/91] net: ethernet: xgbe: re-add aneg to supported features in PHY quirks Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 69/91] fs/proc: fix softlockup in __read_vmcore (part 2) Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 70/91] irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 71/91] hrtimers: Handle CPU state correctly on hotplug Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 72/91] ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 73/91] scsi: sg: Fix slab-use-after-free read in sg_release() Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 74/91] net: fix data-races around sk->sk_forward_alloc Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 75/91] ASoC: wm8994: Add depends on MFD core Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 76/91] scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 77/91] irqchip/sunxi-nmi: Add missing SKIP_WAKE flag Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 78/91] gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 79/91] m68k: Update ->thread.esp0 before calling syscall_trace() in ret_from_signal Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 80/91] m68k: Add missing mmap_read_lock() to sys_cacheflush() Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 81/91] signal/m68k: Use force_sigsegv(SIGSEGV) in fpsp040_die Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 82/91] net: xen-netback: hash.c: Use built-in RCU list checking Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 83/91] net/xen-netback: prevent UAF in xenvif_flush_hash() Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 84/91] vfio/platform: check the bounds of read/write syscalls Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 85/91] ext4: avoid ext4_error()s caused by ENOMEM in the truncate path Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 86/91] ext4: fix slab-use-after-free in ext4_split_extent_at() Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 87/91] USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 88/91] Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null" Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 89/91] Input: atkbd - map F23 key to support default copilot shortcut Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 90/91] Input: xpad - add unofficial Xbox 360 wireless receiver clone Greg Kroah-Hartman
2025-01-30 14:01 ` [PATCH 5.4 91/91] Input: xpad - add support for wooting two he (arm) Greg Kroah-Hartman
2025-01-30 19:35 ` [PATCH 5.4 00/91] 5.4.290-rc1 review Naresh Kamboju
2025-01-31 8:57 ` Greg Kroah-Hartman
2025-01-30 20:24 ` Florian Fainelli
2025-01-30 22:21 ` Pavel Machek
2025-01-31 5:38 ` Jon Hunter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250130140133.849020544@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=mtsai@redhat.com \
--cc=patches@lists.linux.dev \
--cc=sashal@kernel.org \
--cc=snitzer@kernel.org \
--cc=stable@vger.kernel.org \
--cc=thornber@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.