From: "Darrick J. Wong" <djwong@kernel.org>
To: Carlos Maiolino <cem@kernel.org>
Cc: linux-kernel@vger.kernel.org, linux-xfs@vger.kernel.org,
Oleksandr Natalenko <oleksandr@natalenko.name>,
Pavel Reichl <preichl@redhat.com>,
Vlastimil Babka <vbabka@suse.cz>,
Thorsten Leemhuis <linux@leemhuis.info>
Subject: [PATCH v2 1/3] xfs: don't set bt_nr_sectors to a negative number
Date: Tue, 14 Oct 2025 22:01:33 -0700 [thread overview]
Message-ID: <20251015050133.GV6188@frogsfrogsfrogs> (raw)
From: Darrick J. Wong <djwong@kernel.org>
xfs_daddr_t is a signed type, which means that xfs_buf_map_verify is
using a signed comparison. This causes problems if bt_nr_sectors is
never overridden (e.g. in the case of an xfbtree for rmap btree repairs)
because even daddr 0 can't pass the verifier test in that case.
Define an explicit max constant and set the initial bt_nr_sectors to a
positive value.
Found by xfs/422.
Cc: <stable@vger.kernel.org> # v6.18-rc1
Fixes: 42852fe57c6d2a ("xfs: track the number of blocks in each buftarg")
Signed-off-by: "Darrick J. Wong" <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
---
fs/xfs/xfs_buf.h | 1 +
fs/xfs/xfs_buf.c | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/xfs/xfs_buf.h b/fs/xfs/xfs_buf.h
index 8fa7bdf59c9110..e25cd2a160f31c 100644
--- a/fs/xfs/xfs_buf.h
+++ b/fs/xfs/xfs_buf.h
@@ -22,6 +22,7 @@ extern struct kmem_cache *xfs_buf_cache;
*/
struct xfs_buf;
+#define XFS_BUF_DADDR_MAX ((xfs_daddr_t) S64_MAX)
#define XFS_BUF_DADDR_NULL ((xfs_daddr_t) (-1LL))
#define XBF_READ (1u << 0) /* buffer intended for reading from device */
diff --git a/fs/xfs/xfs_buf.c b/fs/xfs/xfs_buf.c
index 773d959965dc29..47edf3041631bb 100644
--- a/fs/xfs/xfs_buf.c
+++ b/fs/xfs/xfs_buf.c
@@ -1751,7 +1751,7 @@ xfs_init_buftarg(
const char *descr)
{
/* The maximum size of the buftarg is only known once the sb is read. */
- btp->bt_nr_sectors = (xfs_daddr_t)-1;
+ btp->bt_nr_sectors = XFS_BUF_DADDR_MAX;
/* Set up device logical sector size mask */
btp->bt_logical_sectorsize = logical_sectorsize;
next reply other threads:[~2025-10-15 5:01 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-15 5:01 Darrick J. Wong [this message]
2025-10-15 5:03 ` [PATCH v2 2/3] xfs: always warn about deprecated mount options Darrick J. Wong
2025-10-15 5:04 ` [PATCH v2 3/3] xfs: quietly ignore " Darrick J. Wong
2025-10-15 8:07 ` Vlastimil Babka
2025-10-15 15:37 ` Darrick J. Wong
2025-10-17 5:45 ` Christoph Hellwig
2025-10-17 5:46 ` Christoph Hellwig
2025-10-16 16:25 ` [PATCH 4/3] xfs: fix locking in xchk_nlinks_collect_dir Darrick J. Wong
2025-10-17 5:48 ` Christoph Hellwig
2025-10-21 17:57 ` Darrick J. Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251015050133.GV6188@frogsfrogsfrogs \
--to=djwong@kernel.org \
--cc=cem@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=linux@leemhuis.info \
--cc=oleksandr@natalenko.name \
--cc=preichl@redhat.com \
--cc=vbabka@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox