From: "Miguel García" <miguelgarciaroman8@gmail.com>
To: stable@vger.kernel.org
Cc: skhan@linuxfoundation.org, "Christoph Hellwig" <hch@lst.de>,
syzbot+2aca91e1d3ae43aef10c@syzkaller.appspotmail.com,
"Jens Axboe" <axboe@kernel.dk>,
"Miguel García" <miguelgarciaroman8@gmail.com>
Subject: [PATCH 6.1.y] block: make bio_check_eod work for zero sized devices
Date: Sat, 12 Apr 2025 12:24:24 +0200 [thread overview]
Message-ID: <20250412102424.56383-1-miguelgarciaroman8@gmail.com> (raw)
From: Christoph Hellwig <hch@lst.de>
commit 3eb96946f0be6bf447cbdf219aba22bc42672f92 upstream.
This patch is a backport.
Since the dawn of time bio_check_eod has a check for a non-zero size of
the device. This doesn't really make any sense as we never want to send
I/O to a device that's been set to zero size, or never moved out of that.
I am a bit surprised we haven't caught this for a long time, but the
removal of the extra validation inside of zram caused syzbot to trip
over this issue recently. I've added a Fixes tag for that commit, but
the issue really goes back way before git history.
Fixes: 9fe95babc742 ("zram: remove valid_io_request")
Reported-by: syzbot+2aca91e1d3ae43aef10c@syzkaller.appspotmail.com
Bug: https://syzkaller.appspot.com/bug?extid=2aca91e1d3ae43aef10c
Signed-off-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20230524060538.1593686-1-hch@lst.de
Signed-off-by: Jens Axboe <axboe@kernel.dk>
(cherry picked from commit 3eb96946f0be6bf447cbdf219aba22bc42672f92)
Signed-off-by: Miguel García <miguelgarciaroman8@gmail.com>
---
block/blk-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/blk-core.c b/block/blk-core.c
index 94941e3ce219..6a66f4f6912f 100644
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -515,7 +515,7 @@ static inline int bio_check_eod(struct bio *bio)
sector_t maxsector = bdev_nr_sectors(bio->bi_bdev);
unsigned int nr_sectors = bio_sectors(bio);
- if (nr_sectors && maxsector &&
+ if (nr_sectors &&
(nr_sectors > maxsector ||
bio->bi_iter.bi_sector > maxsector - nr_sectors)) {
pr_info_ratelimited("%s: attempt to access beyond end of device\n"
--
2.34.1
next reply other threads:[~2025-04-12 10:24 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-12 10:24 Miguel García [this message]
2025-04-12 15:43 ` [PATCH 6.1.y] block: make bio_check_eod work for zero sized devices Greg KH
2025-04-13 16:46 ` Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250412102424.56383-1-miguelgarciaroman8@gmail.com \
--to=miguelgarciaroman8@gmail.com \
--cc=axboe@kernel.dk \
--cc=hch@lst.de \
--cc=skhan@linuxfoundation.org \
--cc=stable@vger.kernel.org \
--cc=syzbot+2aca91e1d3ae43aef10c@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.