summaryrefslogtreecommitdiff
path: root/drivers/md/md-bitmap.c
diff options
context:
space:
mode:
authorJon Derrick <jonathan.derrick@linux.dev>2023-02-24 21:33:22 +0300
committerSong Liu <song@kernel.org>2023-04-14 08:20:24 +0300
commit10172f200b67aafcb9b8ce7d0575d713c1aafbb7 (patch)
tree06f77774f5aa2ef9d4b970343d61873123c6ce09 /drivers/md/md-bitmap.c
parent328e17d8d9428b390ab48bdedcaf5106e4b511fe (diff)
downloadlinux-10172f200b67aafcb9b8ce7d0575d713c1aafbb7.tar.xz
md: Fix types in sb writer
Page->index is a pgoff_t and multiplying could cause overflows on a 32-bit architecture. In the sb writer, this is used to calculate and verify the sector being used, and is multiplied by a sector value. Using sector_t will cast it to a u64 type and is the more appropriate type for the unit. Additionally, the integer size unit is converted to a sector unit in later calculations, and is now corrected to be an unsigned type. Finally, clean up the calculations using variable aliases to improve readabiliy. Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jon Derrick <jonathan.derrick@linux.dev> Signed-off-by: Song Liu <song@kernel.org> Link: https://lore.kernel.org/r/20230224183323.638-3-jonathan.derrick@linux.dev
Diffstat (limited to 'drivers/md/md-bitmap.c')
-rw-r--r--drivers/md/md-bitmap.c35
1 files changed, 14 insertions, 21 deletions
diff --git a/drivers/md/md-bitmap.c b/drivers/md/md-bitmap.c
index cdc61e65abae..bf250a5e3a86 100644
--- a/drivers/md/md-bitmap.c
+++ b/drivers/md/md-bitmap.c
@@ -215,12 +215,13 @@ static int __write_sb_page(struct md_rdev *rdev, struct bitmap *bitmap,
struct block_device *bdev;
struct mddev *mddev = bitmap->mddev;
struct bitmap_storage *store = &bitmap->storage;
- loff_t offset = mddev->bitmap_info.offset;
- int size = PAGE_SIZE;
+ sector_t offset = mddev->bitmap_info.offset;
+ sector_t ps, sboff, doff;
+ unsigned int size = PAGE_SIZE;
bdev = (rdev->meta_bdev) ? rdev->meta_bdev : rdev->bdev;
if (page->index == store->file_pages - 1) {
- int last_page_size = store->bytes & (PAGE_SIZE - 1);
+ unsigned int last_page_size = store->bytes & (PAGE_SIZE - 1);
if (last_page_size == 0)
last_page_size = PAGE_SIZE;
@@ -228,43 +229,35 @@ static int __write_sb_page(struct md_rdev *rdev, struct bitmap *bitmap,
bdev_logical_block_size(bdev));
}
+ ps = page->index * PAGE_SIZE / SECTOR_SIZE;
+ sboff = rdev->sb_start + offset;
+ doff = rdev->data_offset;
+
/* Just make sure we aren't corrupting data or metadata */
if (mddev->external) {
/* Bitmap could be anywhere. */
- if (rdev->sb_start + offset
- + (page->index * (PAGE_SIZE / SECTOR_SIZE))
- > rdev->data_offset &&
- rdev->sb_start + offset
- < (rdev->data_offset + mddev->dev_sectors
- + (PAGE_SIZE / SECTOR_SIZE)))
+ if (sboff + ps > doff &&
+ sboff < (doff + mddev->dev_sectors + PAGE_SIZE / SECTOR_SIZE))
return -EINVAL;
} else if (offset < 0) {
/* DATA BITMAP METADATA */
- if (offset
- + (long)(page->index * (PAGE_SIZE / SECTOR_SIZE))
- + size / SECTOR_SIZE > 0)
+ if (offset + ps + size / SECTOR_SIZE > 0)
/* bitmap runs in to metadata */
return -EINVAL;
- if (rdev->data_offset + mddev->dev_sectors
- > rdev->sb_start + offset)
+ if (doff + mddev->dev_sectors > sboff)
/* data runs in to bitmap */
return -EINVAL;
} else if (rdev->sb_start < rdev->data_offset) {
/* METADATA BITMAP DATA */
- if (rdev->sb_start + offset
- + page->index * (PAGE_SIZE / SECTOR_SIZE)
- + size / SECTOR_SIZE > rdev->data_offset)
+ if (sboff + ps + size / SECTOR_SIZE > doff)
/* bitmap runs in to data */
return -EINVAL;
} else {
/* DATA METADATA BITMAP - no problems */
}
- md_super_write(mddev, rdev,
- rdev->sb_start + offset
- + page->index * (PAGE_SIZE / SECTOR_SIZE),
- size, page);
+ md_super_write(mddev, rdev, sboff + ps, (int) size, page);
return 0;
}