From nobody Thu Apr 2 19:56:26 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 96C97C6FA82 for ; Wed, 21 Sep 2022 15:50:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231671AbiIUPux (ORCPT ); Wed, 21 Sep 2022 11:50:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50442 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230217AbiIUPuB (ORCPT ); Wed, 21 Sep 2022 11:50:01 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F23BF9AFA1; Wed, 21 Sep 2022 08:48:18 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 61A06B82714; Wed, 21 Sep 2022 15:48:18 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 90F89C433D7; Wed, 21 Sep 2022 15:48:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1663775297; bh=rUgipJmpjZh5pth/kIAQWW4Q0vsv4QZFp+a/XZ7EPeI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=xhCj0dYD63JjkoqB05rLcPqpTKG+NGLMSQchwfclYTK3Jvh9BfzSllD848LCGCByl Uv0BzHPWQ8cAd56ZhFe2VTWdJ1jHt3Uuiqd65auDksK57cqBHY9utMo8IMuMLiu5v8 Cau3xy2htGC8J082KUupxHX0nPDGjYmb8hXoyvwM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Mikulas Patocka , Jens Axboe Subject: [PATCH 5.19 25/38] blk-lib: fix blkdev_issue_secure_erase Date: Wed, 21 Sep 2022 17:46:09 +0200 Message-Id: <20220921153647.052501707@linuxfoundation.org> X-Mailer: git-send-email 2.37.3 In-Reply-To: <20220921153646.298361220@linuxfoundation.org> References: <20220921153646.298361220@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Mikulas Patocka commit c4fa368466cc1b60bb92f867741488930ddd6034 upstream. There's a bug in blkdev_issue_secure_erase. The statement "unsigned int len =3D min_t(sector_t, nr_sects, max_sectors);" sets the variable "len" to the length in sectors, but the statement "bio->bi_iter.bi_size =3D len" treats it as if it were in bytes. The statements "sector +=3D len << SECTOR_SHIFT" and "nr_sects -=3D len << SECTOR_SHIFT" are thinko. This patch fixes it. Signed-off-by: Mikulas Patocka Cc: stable@vger.kernel.org # v5.19 Fixes: 44abff2c0b97 ("block: decouple REQ_OP_SECURE_ERASE from REQ_OP_DISCA= RD") Link: https://lore.kernel.org/r/alpine.LRH.2.02.2209141549480.28100@file01.= intranet.prod.int.rdu2.redhat.com Signed-off-by: Jens Axboe Signed-off-by: Greg Kroah-Hartman --- block/blk-lib.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) --- a/block/blk-lib.c +++ b/block/blk-lib.c @@ -311,6 +311,11 @@ int blkdev_issue_secure_erase(struct blo struct blk_plug plug; int ret =3D 0; =20 + /* make sure that "len << SECTOR_SHIFT" doesn't overflow */ + if (max_sectors > UINT_MAX >> SECTOR_SHIFT) + max_sectors =3D UINT_MAX >> SECTOR_SHIFT; + max_sectors &=3D ~bs_mask; + if (max_sectors =3D=3D 0) return -EOPNOTSUPP; if ((sector | nr_sects) & bs_mask) @@ -324,10 +329,10 @@ int blkdev_issue_secure_erase(struct blo =20 bio =3D blk_next_bio(bio, bdev, 0, REQ_OP_SECURE_ERASE, gfp); bio->bi_iter.bi_sector =3D sector; - bio->bi_iter.bi_size =3D len; + bio->bi_iter.bi_size =3D len << SECTOR_SHIFT; =20 - sector +=3D len << SECTOR_SHIFT; - nr_sects -=3D len << SECTOR_SHIFT; + sector +=3D len; + nr_sects -=3D len; if (!nr_sects) { ret =3D submit_bio_wait(bio); bio_put(bio);