linux/drivers/md
Heming Zhao e69e93120f md/bitmap: don't set sb values if can't pass sanity check
[ Upstream commit e68cb83a57 ]

If the bitmap area contains invalid data, the kernel will crash and mdadm
then triggers a "Segmentation fault".
This is a cluster-md-specific bug. In a non-clustered env, mdadm will
handle the broken metadata case. In a clustered array, only kernel space
handles bitmap slot info. But even though this bug only happens in a clustered
env, the current sanity check is wrong, and the code should be changed.

How to trigger: (faulty injection)

dd if=/dev/zero bs=1M count=1 oflag=direct of=/dev/sda
dd if=/dev/zero bs=1M count=1 oflag=direct of=/dev/sdb
mdadm -C /dev/md0 -b clustered -e 1.2 -n 2 -l mirror /dev/sda /dev/sdb
mdadm -Ss
echo aaa > magic.txt
 == below: modifying slot 2 bitmap data ==
dd if=magic.txt of=/dev/sda seek=16384 bs=1 count=3 <== destroy magic
dd if=/dev/zero of=/dev/sda seek=16436 bs=1 count=4 <== ZERO chunksize
mdadm -A /dev/md0 /dev/sda /dev/sdb
 == kernel crashes. mdadm outputs "Segmentation fault" ==

Reason of kernel crash:

In md_bitmap_read_sb() (called by md_bitmap_create()), a bad bitmap magic didn't
block the chunksize assignment, and the zero value made DIV_ROUND_UP_SECTOR_T()
trigger a "divide error".

Crash log:

kernel: md: md0 stopped.
kernel: md/raid1:md0: not clean -- starting background reconstruction
kernel: md/raid1:md0: active with 2 out of 2 mirrors
kernel: dlm: ... ...
kernel: md-cluster: Joined cluster 44810aba-38bb-e6b8-daca-bc97a0b254aa slot 1
kernel: md0: invalid bitmap file superblock: bad magic
kernel: md_bitmap_copy_from_slot can't get bitmap from slot 2
kernel: md-cluster: Could not gather bitmaps from slot 2
kernel: divide error: 0000 [#1] SMP NOPTI
kernel: CPU: 0 PID: 1603 Comm: mdadm Not tainted 5.14.6-1-default
kernel: Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
kernel: RIP: 0010:md_bitmap_create+0x1d1/0x850 [md_mod]
kernel: RSP: 0018:ffffc22ac0843ba0 EFLAGS: 00010246
kernel: ... ...
kernel: Call Trace:
kernel:  ? dlm_lock_sync+0xd0/0xd0 [md_cluster 77fe..7a0]
kernel:  md_bitmap_copy_from_slot+0x2c/0x290 [md_mod 24ea..d3a]
kernel:  load_bitmaps+0xec/0x210 [md_cluster 77fe..7a0]
kernel:  md_bitmap_load+0x81/0x1e0 [md_mod 24ea..d3a]
kernel:  do_md_run+0x30/0x100 [md_mod 24ea..d3a]
kernel:  md_ioctl+0x1290/0x15a0 [md_mod 24ea....d3a]
kernel:  ? mddev_unlock+0xaa/0x130 [md_mod 24ea..d3a]
kernel:  ? blkdev_ioctl+0xb1/0x2b0
kernel:  block_ioctl+0x3b/0x40
kernel:  __x64_sys_ioctl+0x7f/0xb0
kernel:  do_syscall_64+0x59/0x80
kernel:  ? exit_to_user_mode_prepare+0x1ab/0x230
kernel:  ? syscall_exit_to_user_mode+0x18/0x40
kernel:  ? do_syscall_64+0x69/0x80
kernel:  entry_SYSCALL_64_after_hwframe+0x44/0xae
kernel: RIP: 0033:0x7f4a15fa722b
kernel: ... ...
kernel: ---[ end trace 8afa7612f559c868 ]---
kernel: RIP: 0010:md_bitmap_create+0x1d1/0x850 [md_mod]

Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Guoqing Jiang <guoqing.jiang@linux.dev>
Signed-off-by: Heming Zhao <heming.zhao@suse.com>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-06-09 10:20:52 +02:00
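The validate-before-assign rule this commit enforces, as an added C example (not kernel code and not part of the commit): the reader checks the bitmap superblock's magic, version and chunksize on locals and stores them only after every check passes, so the zeroed chunksize from the fault injection above is rejected instead of reaching the division. Field offsets follow the upstream bitmap_super_s layout; the function names, status codes, accepted version range and sample buffers are assumptions of this example.

```c
/* Added example, not kernel code: validate an md bitmap superblock before any
 * field is used. Offsets follow the upstream bitmap_super_s layout (magic 0,
 * version 4, chunksize 52); names, status codes, version range and samples are assumed. */
#include <stdint.h>
#include <string.h>

#define BITMAP_MAGIC 0x6d746962u   /* "bitm" little-endian, as in md-bitmap.h */
#define VERSION_LO 3               /* accepted major range assumed here */
#define VERSION_HI 5
enum sb_status { SB_OK = 0, SB_BAD_MAGIC, SB_BAD_VERSION, SB_BAD_CHUNKSIZE };
struct parsed_sb { uint32_t chunksize; uint64_t chunks; };

static uint32_t le32_get(const uint8_t *b, size_t o)
{   return b[o] | (uint32_t)b[o+1] << 8 | (uint32_t)b[o+2] << 16 | (uint32_t)b[o+3] << 24; }

/* Checks run on locals; *out is written only after all of them pass, so a zero
 * chunksize read from a corrupt slot never reaches the division below. */
enum sb_status read_bitmap_sb(const uint8_t *buf, uint64_t dev_sectors, struct parsed_sb *out)
{
    uint32_t magic = le32_get(buf, 0), version = le32_get(buf, 4);
    uint32_t chunksize = le32_get(buf, 52);   /* in bytes */
    if (magic != BITMAP_MAGIC)
        return SB_BAD_MAGIC;
    if (version < VERSION_LO || version > VERSION_HI)
        return SB_BAD_VERSION;
    if (chunksize < 512 || (chunksize & (chunksize - 1)) != 0)  /* >= 1 sector, power of 2 */
        return SB_BAD_CHUNKSIZE;

    out->chunksize = chunksize;
    /* same rounding as DIV_ROUND_UP_SECTOR_T(dev_sectors, chunksize >> 9) */
    out->chunks = (dev_sectors + (chunksize >> 9) - 1) / (chunksize >> 9);
    return SB_OK;
}

/* Constructed sample: the slot left by the fault injection above, magic
 * overwritten with "aaa" ('m' is the untouched last byte) and chunksize 0. */
enum sb_status check_corrupt_slot(void)
{
    uint8_t sb[256] = "aaam";
    struct parsed_sb out = {0};
    return read_bitmap_sb(sb, 2097152, &out);     /* SB_BAD_MAGIC, no division */
}

/* Constructed sample: well-formed version-4 superblock, 64 KiB chunks, 1 GiB device. */
uint64_t chunks_for_valid_sb(void)
{
    uint8_t sb[256] = { 0x62, 0x69, 0x74, 0x6d, 4, [54] = 0x01 };  /* "bitm", v4, 0x10000 */
    struct parsed_sb out = {0};
    return read_bitmap_sb(sb, 2097152, &out) == SB_OK ? out.chunks : 0;  /* 16384 */
}
```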
bcache bcache: fixup multiple threads crash 2022-04-08 14:39:57 +02:00
persistent-data dm space map common: add bounds check to sm_ll_lookup_bitmap() 2022-01-27 10:54:20 +01:00
dm-bio-prison-v1.c dm bio prison: replace spin_lock_irqsave with spin_lock_irq 2019-11-05 14:53:03 -05:00
dm-bio-prison-v1.h
dm-bio-prison-v2.c dm bio prison v2: use true/false for bool variable 2020-01-07 12:07:08 -05:00
dm-bio-prison-v2.h
dm-bio-record.h dm bio record: save/restore bi_end_io and bi_integrity 2020-03-03 10:02:46 -05:00
dm-bufio.c dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size 2021-03-09 11:11:12 +01:00
dm-builtin.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
dm-cache-background-tracker.c dm cache background tracker: fix sparse warning 2018-04-30 15:40:40 -04:00
dm-cache-background-tracker.h
dm-cache-block-types.h
dm-cache-metadata.c dm cache metadata: Avoid returning cmd->bm wild pointer on error 2020-09-02 13:38:24 -04:00
dm-cache-metadata.h
dm-cache-policy-internal.h
dm-cache-policy-smq.c dm: remove unnecessary unlikely() around WARN_ON_ONCE() 2018-10-16 14:34:59 -04:00
dm-cache-policy.c
dm-cache-policy.h
dm-cache-target.c Revert "dm cache: fix arm link errors with inline" 2020-12-01 15:43:36 -05:00
dm-clone-metadata.c dm clone metadata: Fix return type of dm_clone_nr_of_hydrated_regions() 2020-03-27 14:42:51 -04:00
dm-clone-metadata.h dm clone metadata: Fix return type of dm_clone_nr_of_hydrated_regions() 2020-03-27 14:42:51 -04:00
dm-clone-target.c writeback: remove bdi->congested_fn 2020-07-08 17:20:46 -06:00
dm-core.h dm: fix deadlock when swapping to encrypted device 2021-03-04 11:38:44 +01:00
dm-crypt.c dm crypt: make printing of the key constant-time 2022-06-06 08:42:44 +02:00
dm-delay.c block: rename generic_make_request to submit_bio_noacct 2020-07-01 07:27:24 -06:00
dm-dust.c dm dust: add interface to list all badblocks 2020-07-20 11:17:41 -04:00
dm-ebs-target.c dm ebs: Fix incorrect checking for REQ_OP_FLUSH 2020-08-04 16:01:40 -04:00
dm-era-target.c dm era: only resize metadata in preresume 2021-03-04 11:38:46 +01:00
dm-exception-store.c
dm-exception-store.h - Improve DM snapshot target's scalability by using finer grained 2019-05-16 15:55:48 -07:00
dm-flakey.c block: rework zone reporting 2019-11-12 19:12:07 -07:00
dm-historical-service-time.c dm mpath: only use ktime_get_ns() in historical selector 2022-04-20 09:23:18 +02:00
dm-init.c dm init: Set file local variable static 2020-08-04 15:51:28 -04:00
dm-integrity.c dm integrity: fix error code in dm_integrity_ctr() 2022-06-06 08:42:43 +02:00
dm-io.c treewide: Remove uninitialized_var() usage 2020-07-16 12:35:15 -07:00
dm-ioctl.c dm ioctl: prevent potential spectre v1 gadget 2022-04-13 21:00:57 +02:00
dm-kcopyd.c dm kcopyd: always complete failed jobs 2019-08-15 15:57:39 -04:00
dm-linear.c dm: add support for REQ_NOWAIT and enable it for linear target 2020-09-25 08:20:03 -06:00
dm-log-userspace-base.c dm: convert to bioset_init()/mempool_init() 2018-05-30 15:33:32 -06:00
dm-log-userspace-transfer.c
dm-log-userspace-transfer.h
dm-log-writes.c dm: replace zero-length array with flexible-array 2020-05-20 17:09:44 -04:00
dm-log.c
dm-mpath.c dm: use dm_table_get_device_name() where appropriate in targets 2020-09-29 16:33:08 -04:00
dm-mpath.h
dm-path-selector.c
dm-path-selector.h dm mpath: pass IO start time to path selector 2020-05-15 10:29:36 -04:00
dm-queue-length.c dm mpath: pass IO start time to path selector 2020-05-15 10:29:36 -04:00
dm-raid.c dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences 2021-05-11 14:47:36 +02:00
dm-raid1.c block: rename generic_make_request to submit_bio_noacct 2020-07-01 07:27:24 -06:00
dm-region-hash.c - Error path bug fix for overflow tests (Dan) 2018-06-12 18:28:00 -07:00
dm-round-robin.c
dm-rq.c dm: requeue IO if mapping table not yet available 2022-04-13 21:00:57 +02:00
dm-rq.h dm: remove unused _rq_tio_cache and _rq_cache 2019-03-05 14:48:50 -05:00
dm-service-time.c dm mpath: pass IO start time to path selector 2020-05-15 10:29:36 -04:00
dm-snap-persistent.c dm snap persistent: simplify area_io() 2020-09-29 16:33:12 -04:00
dm-snap-transient.c
dm-snap.c dm snapshot: properly fix a crash when an origin has no snapshots 2021-06-03 09:00:30 +02:00
dm-stats.c dm stats: add cond_resched when looping over entries 2022-06-06 08:42:44 +02:00
dm-stats.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
dm-stripe.c dm: replace zero-length array with flexible-array 2020-05-20 17:09:44 -04:00
dm-switch.c dm: replace zero-length array with flexible-array 2020-05-20 17:09:44 -04:00
dm-sysfs.c dm: remove legacy request-based IO path 2018-10-11 11:36:09 -04:00
dm-table.c dm table: Fix zoned model check and zone sectors check 2021-03-30 14:32:06 +02:00
dm-target.c dm mpath: fix missing call of path selector type->end_io 2019-04-25 15:38:52 -04:00
dm-thin-metadata.c dm thin metadata: Remove unused local variable when create thin and snap 2020-09-29 16:33:11 -04:00
dm-thin-metadata.h dm thin metadata: Add support for a pre-commit callback 2019-12-05 17:05:24 -05:00
dm-thin.c writeback: remove bdi->congested_fn 2020-07-08 17:20:46 -06:00
dm-uevent.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
dm-uevent.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
dm-unstripe.c dm: Check for device sector overflow if CONFIG_LBDAF is not set 2018-12-18 09:02:26 -05:00
dm-verity-fec.c dm verity fec: fix misaligned RS roots IO 2021-04-21 13:00:54 +02:00
dm-verity-fec.h dm verity fec: fix misaligned RS roots IO 2021-04-21 13:00:54 +02:00
dm-verity-target.c dm verity: set DM_TARGET_IMMUTABLE feature flag 2022-06-06 08:42:44 +02:00
dm-verity-verify-sig.c dm verity: fix require_signatures module_param permissions 2021-06-16 12:01:37 +02:00
dm-verity-verify-sig.h dm verity: Fix compilation warning 2020-08-04 15:48:13 -04:00
dm-verity.h dm verity: add "panic_on_corruption" error handling mode 2020-07-13 11:47:33 -04:00
dm-writecache.c dm writecache: write at least 4k when committing 2021-07-19 09:45:02 +02:00
dm-zero.c
dm-zoned-metadata.c dm zoned: check zone capacity 2021-07-19 09:45:01 +02:00
dm-zoned-reclaim.c dm zoned: Fix zone reclaim trigger 2020-07-08 12:21:53 -04:00
dm-zoned-target.c dm table: Fix zoned model check and zone sectors check 2021-03-30 14:32:06 +02:00
dm-zoned.h dm zoned: select reclaim zone based on device index 2020-06-05 14:59:53 -04:00
dm.c dm: interlock pending dm_io and dm_wait_for_bios_completion 2022-05-12 12:25:45 +02:00
dm.h dm table: fix DAX iterate_devices based device capability checks 2021-03-04 11:38:44 +01:00
Kconfig dm integrity: select CRYPTO_SKCIPHER 2021-01-27 11:54:57 +01:00
Makefile md: move the early init autodetect code to drivers/md/ 2020-07-16 15:34:47 +02:00
md-autodetect.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
md-bitmap.c md/bitmap: don't set sb values if can't pass sanity check 2022-06-09 10:20:52 +02:00
md-bitmap.h md: Avoid namespace collision with bitmap API 2018-08-01 15:49:39 -07:00
md-cluster.c md/cluster: fix deadlock when node is doing resync job 2020-12-30 11:54:25 +01:00
md-cluster.h md-cluster: introduce resync_info_get interface for sanity check 2018-10-18 09:36:35 -07:00
md-faulty.c block: rename generic_make_request to submit_bio_noacct 2020-07-01 07:27:24 -06:00
md-linear.c block: add a new revalidate_disk_size helper 2020-09-02 08:00:07 -06:00
md-linear.h md/raid1: Replace zero-length array with flexible-array 2020-05-13 12:02:23 -07:00
md-multipath.c writeback: remove bdi->congested_fn 2020-07-08 17:20:46 -06:00
md-multipath.h md: convert to bioset_init()/mempool_init() 2018-05-30 15:33:32 -06:00
md.c md: revert io stats accounting 2022-01-16 09:14:21 +01:00
md.h md: revert io stats accounting 2022-01-16 09:14:21 +01:00
raid1-10.c md: raid1-10: Unify r{1,10}bio_pool_free 2019-06-15 01:37:35 -06:00
raid1.c md/raid10: properly indicate failure when ending a failed write request 2021-08-12 13:22:17 +02:00
raid1.h md/raid1: Replace zero-length array with flexible-array 2020-05-13 12:02:23 -07:00
raid5-cache.c raid5-cache: hold spinlock instead of mutex in r5c_journal_mode_show 2020-08-02 23:03:52 -07:00
raid5-log.h raid5: set write hint for PPL 2019-03-12 10:15:18 -07:00
raid5-ppl.c md/raid456: convert macro STRIPE_* to RAID5_STRIPE_* 2020-07-21 17:18:12 -07:00
raid5.c raid5: introduce MD_BROKEN 2022-06-06 08:42:44 +02:00
raid5.h md/raid5: let multiple devices of stripe_head share page 2020-09-24 16:44:44 -07:00
raid10.c md/raid10: properly indicate failure when ending a failed write request 2021-08-12 13:22:17 +02:00
raid10.h Revert "md/raid10: improve discard request for far layout" 2020-12-09 20:46:00 -08:00
raid0.c Revert "md: add md_submit_discard_bio() for submitting discard bio" 2020-12-09 20:46:01 -08:00
raid0.h md/raid0: avoid RAID0 data corruption due to layout confusion. 2019-09-13 13:10:05 -07:00