github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-17 19:44:58 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
4eccc57979
linux/drivers/block
History
Lars Ellenberg 4eccc57979 drbd: fix access of unallocated pages and kernel panic 
BUG: unable to handle kernel NULL pointer dereference at (null)
...
 [<d1e17561>] ? _drbd_bm_set_bits+0x151/0x240 [drbd]
 [<d1e236f8>] ? receive_bitmap+0x4f8/0xbc0 [drbd]

This fixes an off-by-one error in the receive_bitmap() path,
if run-length encoded bitmap transfer is enabled.

If the bitmap is an exact multiple of PAGE_SIZE, which means the visible
capacity of the drbd device is an exact multiple of 128 MiB (for 4k page
size), and bitmap compression (use-rle) is enabled (which became default
with 8.4), and the very last bit is dirty and reported in an rle
comressed bitmap packet, we ended up trying to kmap_atomic a page pointer
that does not exist (bitmap->bm_pages[last index + 1]).

bug introduced by:
    Date:   Fri Jul 24 15:33:24 2009 +0200
    set bits: optimize for complete last word, fix off-by-one-word corner case

made effective by:
    Date:   Thu Dec 16 00:32:38 2010 +0100
    drbd: get rid of unused debug code

    Long time ago, we had paranoia code in the bitmap that allocated one
    extra word, assigned a magic value, and checked on every occasion that
    the magic value was still unchanged.

    That debug code is unused, the extra long word complicates code a bit.
    Get rid of it.

No-one triggered this bug in the last few years, because a large subset
of our userbase is unaffected:
 * typically the last few blocks of a device are not modified
   frequently, and remain unset
 * use-rle was disabled by default in drbd < 8.4
 * those with slightly "odd" device sizes, or
 * drbd internal meta data (which will skew the device size slightly,
   thus makes it harder to have a bug relevant device size)

Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com>
Signed-off-by: Lars Ellenberg <lars.ellenberg@linbit.com>
2012-06-12 14:32:48 +02:00
..
aoe switch device_get_devnode() and ->devnode() to umode_t * 2012-01-03 22:54:55 -05:00
drbd drbd: fix access of unallocated pages and kernel panic 2012-06-12 14:32:48 +02:00
mtip32xx block: mtip32xx: remove HOTPLUG_PCI_PCIE dependancy 2012-04-12 08:47:05 +02:00
paride paride/pcd: fix bool verbose module parameter. 2012-01-13 09:32:26 +10:30
xen-blkback xen/blkback: Fix warning error. 2012-04-18 15:54:08 -04:00
amiflop.c fs: move code out of buffer.c 2012-01-03 22:54:07 -05:00
ataflop.c block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe drivers 2011-04-21 21:33:05 +02:00
brd.c block: remove the second argument of k[un]map_atomic() 2012-03-20 21:48:16 +08:00
cciss_cmd.h cciss: use new doorbell-bit-5 reset method 2011-05-06 08:23:55 -06:00
cciss_scsi.c cciss: Fix scsi tape io with more than 255 scatter gather elements 2012-03-22 21:40:09 +01:00
cciss_scsi.h cciss: add cciss_tape_cmds module paramter 2011-05-06 08:23:59 -06:00
cciss.c block: add and use scsi_blk_cmd_ioctl 2012-01-14 15:07:24 -08:00
cciss.h cciss: Adds simple mode functionality 2011-08-08 11:40:15 +02:00
cpqarray.c drivers/block/cpqarray.c: use pci_dev->revision 2011-09-21 10:02:13 +02:00
cpqarray.h
cryptoloop.c
DAC960.c drivers/block/DAC960: fix -Wuninitialized warning 2012-03-02 10:48:35 +01:00
DAC960.h
floppy.c floppy: remove floppy-specific O_EXCL handling 2012-05-18 15:19:11 +02:00
hd.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
ida_cmd.h
ida_ioctl.h
Kconfig usb/ub: deprecate & schedule for removal the "Low Performance USB Block" driver 2012-03-16 13:30:10 -07:00
loop.c block: remove the second argument of k[un]map_atomic() 2012-03-20 21:48:16 +08:00
Makefile Merge git://git.infradead.org/users/willy/linux-nvme 2012-01-18 12:34:09 -08:00
mg_disk.c
nbd.c Merge branch 'akpm' (Andrew's patch-bomb) 2012-03-28 17:19:28 -07:00
nvme.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-03-20 21:12:50 -07:00
osdblk.c
pktcdvd.c block: remove the second argument of k[un]map_atomic() 2012-03-20 21:48:16 +08:00
ps3disk.c block: Fix files that are modules and hence need module.h 2011-10-31 19:31:13 -04:00
ps3vram.c Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
rbd_types.h rbd: small changes 2012-03-22 10:47:50 -05:00
rbd.c rbd: move snap_rwsem to the device, rename to header_rwsem 2012-03-22 10:47:52 -05:00
smart1,2.h fix typos 'comamnd' -> 'command' in comments 2011-02-02 11:31:21 +01:00
sunvdc.c powerpc+sparc/vio: Modernize driver registration 2012-03-28 11:33:24 +11:00
swim_asm.S
swim.c m68k/mac: cleanup forward declarations 2011-12-10 19:52:46 +01:00
swim3.c block/swim3: Locking fixes 2011-12-12 12:42:12 +01:00
sx8.c block, sx8: fix pointer math issue getting fw version 2012-03-03 19:44:39 +01:00
ub.c usb/ub: deprecate & schedule for removal the "Low Performance USB Block" driver 2012-03-16 13:30:10 -07:00
umem.c block: remove support for bio remapping from ->make_request 2011-09-12 12:12:01 +02:00
umem.h
virtio_blk.c virtio: fixes on top of 3.4-rc2 2012-04-16 18:34:12 -07:00
xd.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
xd.h
xen-blkfront.c xen-blkfront: module exit handling adjustments 2012-05-11 16:11:54 -04:00
xsysace.c block: xsysace: Don't use NO_IRQ 2012-01-05 08:34:29 +01:00
z2ram.c