Re: [PATCH] dm pcache: reject mappings larger than backing

[Dongsheng Yang <dongsheng.yang@linux.dev>]

在 12/8/2025 7:25 PM, Li Chen 写道:
> Reject pcache targets whose logical size exceeds the backing device.
> Prevent oversized tables from issuing IO past the end of the backing,
> which may corrupt memory and cause kernel crash.
>
> Signed-off-by: Li Chen <me@linux.beauty>
> ---
>   drivers/md/dm-pcache/dm_pcache.c | 15 +++++++++++++++
>   1 file changed, 15 insertions(+)
>
> diff --git a/drivers/md/dm-pcache/dm_pcache.c b/drivers/md/dm-pcache/dm_pcache.c
> index e5f5936fa6f0..f72d1ba4b740 100644
> --- a/drivers/md/dm-pcache/dm_pcache.c
> +++ b/drivers/md/dm-pcache/dm_pcache.c
> @@ -199,6 +199,8 @@ static int parse_cache_opts(struct dm_pcache *pcache, struct dm_arg_set *as,
>   static int pcache_start(struct dm_pcache *pcache, char **error)
>   {
>   	int ret;
> +	struct dm_target *ti = pcache->ti;
> +	struct pcache_backing_dev *backing_dev;
>   
>   	ret = cache_dev_start(pcache);
>   	if (ret) {
> @@ -212,6 +214,19 @@ static int pcache_start(struct dm_pcache *pcache, char **error)
>   		goto stop_cache;
>   	}
>   
> +	/* Sanity-check: logical size must not exceed backing device size */
> +	backing_dev = &pcache->backing_dev;
> +	if (ti->len > backing_dev->dev_size) {
> +		pcache_dev_err(
> +			pcache,
> +			"backing device too small: logical=%llu sectors, backing=%llu sectors",
> +			(unsigned long long)ti->len,
> +			(unsigned long long)backing_dev->dev_size);
> +		*error = "Requested mapping exceeds backing device size";
> +		ret = -EINVAL;
> +		goto stop_backing;
> +	}
> +


Thanx for your patch, When developing dm-pcache, I considered whether to 
add a check there (for target size vs backing device size). But after 
looking at other existing targets, it seems none of them implement such 
a check, so I wasn't sure there is a requirement; hence I didn't add it 
at that time.

On the other hand, given that the “target size” parameter in the mapping 
table is a generic parameter, if we want such a check, it would be 
better to implement a generic mechanism in the Device-Mapper core 
construction path — provide a hook that allows every target to return a 
“maximum creatable target size”, and then in the core path validate the 
user-provided target size against that max size before creation.

That is just my personal idea; I hope Mikulas can provide more 
information about it.


Thanx

>   	ret = pcache_cache_start(pcache);
>   	if (ret) {
>   		*error = "Failed to start pcache";