From: Sasha Levin <sashal@kernel.org>
To: patches@lists.linux.dev, stable@vger.kernel.org
Cc: Sergey Bashirov <sergeybashirov@gmail.com>,
Christoph Hellwig <hch@lst.de>,
Trond Myklebust <trond.myklebust@hammerspace.com>,
Sasha Levin <sashal@kernel.org>,
chuck.lever@oracle.com, bcodding@redhat.com
Subject: [PATCH AUTOSEL 6.16-5.4] pNFS: Fix stripe mapping in block/scsi layout
Date: Sun, 10 Aug 2025 12:51:49 -0400 [thread overview]
Message-ID: <20250810165158.1888206-7-sashal@kernel.org> (raw)
In-Reply-To: <20250810165158.1888206-1-sashal@kernel.org>
From: Sergey Bashirov <sergeybashirov@gmail.com>
[ Upstream commit 81438498a285759f31e843ac4800f82a5ce6521f ]
Because of integer division, we need to carefully calculate the
disk offset. Consider the example below for a stripe of 6 volumes,
a chunk size of 4096, and an offset of 70000.
chunk = div_u64(offset, dev->chunk_size) = 70000 / 4096 = 17
offset = chunk * dev->chunk_size = 17 * 4096 = 69632
disk_offset_wrong = div_u64(offset, dev->nr_children) = 69632 / 6 = 11605
disk_chunk = div_u64(chunk, dev->nr_children) = 17 / 6 = 2
disk_offset = disk_chunk * dev->chunk_size = 2 * 4096 = 8192
Signed-off-by: Sergey Bashirov <sergeybashirov@gmail.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20250701122341.199112-1-sergeybashirov@gmail.com
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
LLM Generated explanations, may be completely bogus:
**Backport Status: YES**
This commit should be backported to stable kernel trees for the
following reasons:
## Bug Fix Nature
The commit fixes a critical mathematical calculation error in the pNFS
block/SCSI layout stripe mapping function. The bug causes incorrect disk
offset calculations due to improper integer division, which could lead
to data corruption or incorrect data access in striped pNFS block
layouts.
## Specific Code Analysis
The bug is in the `bl_map_stripe()` function at line 276 of the original
code:
```c
disk_offset = div_u64(offset, dev->nr_children);
```
This calculation is fundamentally wrong. The commit message provides a
clear example showing how the bug manifests:
- With 6 volumes, chunk size 4096, and offset 70000
- The wrong calculation yields disk_offset = 11605
- The correct calculation yields disk_offset = 8192
The fix changes the calculation to:
```c
disk_chunk = div_u64_rem(chunk, dev->nr_children, &chunk_idx);
disk_offset = disk_chunk * dev->chunk_size;
```
This properly calculates which chunk on the specific disk should be
accessed by:
1. First determining the disk_chunk number (which chunk on the target
disk)
2. Then multiplying by chunk_size to get the actual byte offset
## Stable Backport Criteria Met
1. **Fixes a real bug**: Yes - incorrect stripe offset calculation
leading to wrong data access
2. **Small and contained**: Yes - only 3 lines changed, localized to one
function
3. **No major architectural changes**: Correct - simple math fix
4. **Low regression risk**: Yes - the new calculation is mathematically
correct and doesn't change any interfaces
5. **Important for users**: Yes - data corruption/access issues in pNFS
deployments are serious
## Historical Context
Looking at the git history, this area has had previous stable-worthy
fixes:
- Commit 0914bb965e38 fixed an off-by-one error and was explicitly
marked for stable (Cc: stable@vger.kernel.org # 3.17+)
- Commit 5466112f0935 fixed 64-bit division issues in the same function
This indicates that `bl_map_stripe()` is a critical function that has
needed careful attention for correctness, and fixes to it have
historically been considered stable-worthy.
## Impact Assessment
Without this fix, any system using pNFS block layout with striping could
experience:
- Data written to wrong disk locations
- Data read from wrong disk locations
- Potential data corruption or loss
The fix is essential for correct operation of pNFS block layouts with
striping configurations.
fs/nfs/blocklayout/dev.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/fs/nfs/blocklayout/dev.c b/fs/nfs/blocklayout/dev.c
index cab8809f0e0f..44306ac22353 100644
--- a/fs/nfs/blocklayout/dev.c
+++ b/fs/nfs/blocklayout/dev.c
@@ -257,10 +257,11 @@ static bool bl_map_stripe(struct pnfs_block_dev *dev, u64 offset,
struct pnfs_block_dev *child;
u64 chunk;
u32 chunk_idx;
+ u64 disk_chunk;
u64 disk_offset;
chunk = div_u64(offset, dev->chunk_size);
- div_u64_rem(chunk, dev->nr_children, &chunk_idx);
+ disk_chunk = div_u64_rem(chunk, dev->nr_children, &chunk_idx);
if (chunk_idx >= dev->nr_children) {
dprintk("%s: invalid chunk idx %d (%lld/%lld)\n",
@@ -273,7 +274,7 @@ static bool bl_map_stripe(struct pnfs_block_dev *dev, u64 offset,
offset = chunk * dev->chunk_size;
/* disk offset of the stripe */
- disk_offset = div_u64(offset, dev->nr_children);
+ disk_offset = disk_chunk * dev->chunk_size;
child = &dev->children[chunk_idx];
child->map(child, disk_offset, map);
--
2.39.5
next prev parent reply other threads:[~2025-08-10 16:52 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-10 16:51 [PATCH AUTOSEL 6.16-5.10] block: avoid possible overflow for chunk_sectors check in blk_stack_limits() Sasha Levin
2025-08-10 16:51 ` [PATCH AUTOSEL 6.16-6.12] tools/power turbostat: Handle non-root legacy-uncore sysfs permissions Sasha Levin
2025-08-10 16:51 ` [PATCH AUTOSEL 6.16-6.12] ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table Sasha Levin
2025-08-10 16:51 ` [PATCH AUTOSEL 6.16-6.12] lib/sbitmap: convert shallow_depth from one word to the whole sbitmap Sasha Levin
2025-08-10 16:51 ` [PATCH AUTOSEL 6.16-6.1] ASoC: Intel: avs: Fix uninitialized pointer error in probe() Sasha Levin
2025-08-10 16:51 ` [PATCH AUTOSEL 6.16-6.12] smb: client: don't call init_waitqueue_head(&info->conn_wait) twice in _smbd_get_connection Sasha Levin
2025-08-10 16:51 ` Sasha Levin [this message]
2025-08-10 16:51 ` [PATCH AUTOSEL 6.16-5.4] pNFS: Fix uninited ptr deref in block/scsi layout Sasha Levin
2025-08-10 16:51 ` [PATCH AUTOSEL 6.16-5.4] net: phy: smsc: add proper reset flags for LAN8710A Sasha Levin
2025-08-10 16:51 ` [PATCH AUTOSEL 6.16-6.15] ASoC: Intel: sof_sdw: Add quirk for Alienware Area 51 (2025) 0CCC SKU Sasha Levin
2025-08-10 16:51 ` [PATCH AUTOSEL 6.16] regmap: irq: Free the regmap-irq mutex Sasha Levin
2025-08-10 16:51 ` [PATCH AUTOSEL 6.16-6.12] tools/power turbostat: Fix build with musl Sasha Levin
2025-08-10 16:51 ` [PATCH AUTOSEL 6.16] irqchip/mvebu-gicp: Clear pending interrupts on init Sasha Levin
2025-08-10 16:51 ` [PATCH AUTOSEL 6.16-5.4] pNFS: Fix disk addr range check in block/scsi layout Sasha Levin
2025-08-10 16:51 ` [PATCH AUTOSEL 6.16-6.12] tools/power turbostat: Handle cap_get_proc() ENOSYS Sasha Levin
2025-08-10 16:51 ` [PATCH AUTOSEL 6.16-5.4] pNFS: Handle RPC size limit for layoutcommits Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250810165158.1888206-7-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=bcodding@redhat.com \
--cc=chuck.lever@oracle.com \
--cc=hch@lst.de \
--cc=patches@lists.linux.dev \
--cc=sergeybashirov@gmail.com \
--cc=stable@vger.kernel.org \
--cc=trond.myklebust@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox