mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/block
History
Rik van Riel 62accf6c1d blk-iocost: avoid out of bounds shift 
[ Upstream commit beaa51b360 ]

UBSAN catches undefined behavior in blk-iocost, where sometimes
iocg->delay is shifted right by a number that is too large,
resulting in undefined behavior on some architectures.

[  186.556576] ------------[ cut here ]------------
UBSAN: shift-out-of-bounds in block/blk-iocost.c:1366:23
shift exponent 64 is too large for 64-bit type 'u64' (aka 'unsigned long long')
CPU: 16 PID: 0 Comm: swapper/16 Tainted: G S          E    N 6.9.0-0_fbk700_debug_rc2_kbuilder_0_gc85af715cac0 #1
Hardware name: Quanta Twin Lakes MP/Twin Lakes Passive MP, BIOS F09_3A23 12/08/2020
Call Trace:
 <IRQ>
 dump_stack_lvl+0x8f/0xe0
 __ubsan_handle_shift_out_of_bounds+0x22c/0x280
 iocg_kick_delay+0x30b/0x310
 ioc_timer_fn+0x2fb/0x1f80
 __run_timer_base+0x1b6/0x250
...

Avoid that undefined behavior by simply taking the
"delay = 0" branch if the shift is too large.

I am not sure what the symptoms of an undefined value
delay will be, but I suspect it could be more than a
little annoying to debug.

Signed-off-by: Rik van Riel <riel@surriel.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: Josef Bacik <josef@toxicpanda.com>
Cc: Jens Axboe <axboe@kernel.dk>
Acked-by: Tejun Heo <tj@kernel.org>
Link: https://lore.kernel.org/r/20240404123253.0f58010f@imladris.surriel.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2024-05-17 11:48:04 +02:00
..
partitions block/partition: fix signedness issue for Amiga partitions 2023-07-27 08:44:18 +02:00
Kconfig blk-wbt: Remove obsolete multiqueue I/O scheduling comment 2020-09-01 16:49:26 -06:00
Kconfig.iosched
Makefile blk-mq: merge blk-softirq.c into blk-mq.c 2020-06-24 09:15:56 -06:00
badblocks.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
bfq-cgroup.c block, bfq: fix uaf for bfqq in bic_set_bfqq() 2023-03-17 08:45:14 +01:00
bfq-iosched.c block, bfq: fix uaf for bfqq in bic_set_bfqq() 2023-03-17 08:45:14 +01:00
bfq-iosched.h bfq: Get rid of __bio_blkcg() usage 2022-06-09 10:21:31 +02:00
bfq-wf2q.c bfq: fix blkio cgroup leakage v4 2020-08-18 07:48:08 -07:00
bio-integrity.c block: bio-integrity: Copy flags when bio_integrity_payload is cloned 2023-03-11 16:39:16 +01:00
bio.c block: prevent an integer overflow in bvec_try_merge_hw_page 2024-02-23 08:42:09 +01:00
blk-cgroup-rwstat.c blk-cgroup: Fix the recursive blkg rwstat 2021-03-30 14:31:48 +02:00
blk-cgroup-rwstat.h
blk-cgroup.c blk-cgroup: fix missing pd_online_fn() while activating policy 2023-02-06 07:56:15 +01:00
blk-core.c block: fix use-after-free of q->q_usage_counter 2023-10-10 21:53:36 +02:00
blk-crypto-fallback.c block: rename generic_make_request to submit_bio_noacct 2020-07-01 07:27:24 -06:00
blk-crypto-internal.h blk-mq: release crypto keyslot before reporting I/O complete 2023-05-17 11:47:32 +02:00
blk-crypto.c blk-crypto: make blk_crypto_evict_key() more robust 2023-05-17 11:47:32 +02:00
blk-exec.c
blk-flush.c block: Fix fsync always failed if once failed 2022-01-27 10:54:30 +01:00
blk-integrity.c block: flush the integrity workqueue in blk_integrity_unregister 2021-09-30 10:11:06 +02:00
blk-ioc.c block: remove retry loop in ioc_release_fn() 2020-07-16 10:22:15 -06:00
blk-iocost.c blk-iocost: avoid out of bounds shift 2024-05-17 11:48:04 +02:00
blk-iolatency.c blk-iolatency: Fix inflight count imbalances and IO hangs on offline 2022-06-09 10:21:29 +02:00
blk-lib.c block: add a bdev_is_partition helper 2020-09-25 08:18:57 -06:00
blk-map.c block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern 2022-05-12 12:25:45 +02:00
blk-merge.c blk-mq: release crypto keyslot before reporting I/O complete 2023-05-17 11:47:32 +02:00
blk-mq-cpumap.c blk-mq: remove the calling of local_memory_node() 2020-10-20 07:08:17 -06:00
blk-mq-debugfs-zoned.c
blk-mq-debugfs.c blk-mq: don't create hctx debugfs dir until q->debugfs_dir is created 2022-08-21 15:15:35 +02:00
blk-mq-debugfs.h
blk-mq-pci.c
blk-mq-rdma.c
blk-mq-sched.c blk-mq: correct stale comment of .get_budget 2023-03-11 16:39:15 +01:00
blk-mq-sched.h block-5.10-2020-10-12 2020-10-13 12:12:44 -07:00
blk-mq-sysfs.c blk-mq: fix possible memleak when register 'hctx' failed 2023-01-14 10:16:19 +01:00
blk-mq-tag.c blk-mq: avoid to iterate over stale request 2021-09-30 10:11:05 +02:00
blk-mq-tag.h blk-mq: clear stale request in tags->rq[] before freeing one request pool 2021-07-14 16:55:58 +02:00
blk-mq-virtio.c
blk-mq.c blk-mq: fix IO hang from sbitmap wakeup race 2024-02-23 08:42:14 +01:00
blk-mq.h blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter 2021-07-14 16:55:58 +02:00
blk-pm.c scsi: block: pm: Always set request queue runtime active in blk_post_runtime_resume() 2022-01-27 10:54:08 +01:00
blk-pm.h scsi: block: Do not accept any requests while suspended 2021-01-12 20:18:17 +01:00
blk-rq-qos.c rq-qos: fix missed wake-ups in rq_qos_throttle try two 2021-07-19 09:45:00 +02:00
blk-rq-qos.h block: fix race between adding/removing rq qos and normal IO 2021-07-14 16:56:00 +02:00
blk-settings.c block: Clear zone limits for a non-zoned stacked queue 2024-04-13 12:58:07 +02:00
blk-stat.c block: prevent division by zero in blk_rq_stat_sum() 2024-04-13 12:59:49 +02:00
blk-stat.h
blk-sysfs.c block: introduce zone_write_granularity limit 2024-04-13 12:58:07 +02:00
blk-throttle.c blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read lock required!" 2023-12-20 15:44:31 +01:00
blk-timeout.c block: blk-timeout: delete duplicated word 2020-07-31 16:29:47 -06:00
blk-wbt.c blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() 2022-10-30 09:41:19 +01:00
blk-wbt.h blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() 2021-07-14 16:56:12 +02:00
blk-zoned.c blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN 2021-09-18 13:40:06 +02:00
blk.h block: bump max plugged deferred size from 16 to 32 2021-11-18 14:03:57 +01:00
bounce.c block: make bio_crypt_clone() able to fail 2020-10-05 10:47:43 -06:00
bsg-lib.c block: drop double zeroing 2020-09-23 09:18:13 -06:00
bsg.c scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND 2021-09-18 13:40:11 +02:00
cmdline-parser.c
elevator.c block/wbt: fix negative inflight counter when remove scsi device 2022-02-23 12:01:04 +01:00
genhd.c block: Suppress uevent for hidden device when removed 2021-03-30 14:31:52 +02:00
ioctl.c block: add check that partition length needs to be aligned with block size 2024-04-13 12:59:23 +02:00
ioprio.c block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) 2021-12-14 11:32:40 +01:00
keyslot-manager.c blk-crypto: make blk_crypto_evict_key() more robust 2023-05-17 11:47:32 +02:00
kyber-iosched.c kyber: fix out of bounds access when preempted 2021-05-19 10:13:13 +02:00
mq-deadline.c block: return ELEVATOR_DISCARD_MERGE if possible 2021-09-15 09:50:28 +02:00
opal_proto.h block: sed-opal: handle empty atoms when parsing response 2024-03-26 18:21:46 -04:00
scsi_ioctl.c drivers-5.10-2020-10-12 2020-10-13 13:04:41 -07:00
sed-opal.c block: sed-opal: handle empty atoms when parsing response 2024-03-26 18:21:46 -04:00
t10-pi.c