__bio_for_each_segment assumes that the first argument doesn't change - it
calls "bio_advance_iter_single((bio), &(iter), (bvl).bv_len)" to advance
the iterator. Unfortunately, the dm-integrity code changes it - it calls
"bv.bv_len -= pos". When this code path is taken, the iterator would be
out of sync and dm-integrity would report errors. This happens if the
machine is out of memory and "kmalloc" fails.

Fix this bug by making a copy of "bv" and changing the copy instead.

Signed-off-by: Mikulas Patocka <mpato...@redhat.com>
Cc: sta...@vger.kernel.org      # v4.12+
Fixes: 7eada909bfd7 ("dm: add integrity target")

---
 drivers/md/dm-integrity.c |   11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

Index: linux-2.6/drivers/md/dm-integrity.c
===================================================================
--- linux-2.6.orig/drivers/md/dm-integrity.c    2023-12-05 14:29:13.000000000 +0100
+++ linux-2.6/drivers/md/dm-integrity.c 2023-12-05 16:31:30.000000000 +0100
@@ -1755,11 +1755,12 @@ static void integrity_metadata(struct wo
                sectors_to_process = dio->range.n_sectors;
 
                __bio_for_each_segment(bv, bio, iter, dio->bio_details.bi_iter) {
+                       struct bio_vec bv_copy = bv;
                        unsigned int pos;
                        char *mem, *checksums_ptr;
 
 again:
-                       mem = bvec_kmap_local(&bv);
+                       mem = bvec_kmap_local(&bv_copy);
                        pos = 0;
                        checksums_ptr = checksums;
                        do {
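Review bot: The new `struct bio_vec bv_copy = bv;` declaration carries no comment explaining why the copy exists, so a later cleanup could fold it back into `bv` and reintroduce the iterator desync. I would add above it `/* __bio_for_each_segment() advances iter by bv.bv_len, so bv must stay untouched; adjust this copy on the retry path */`. The declaration sits before the `again:` label, which is what lets the adjusted offset and length survive `goto again`, and the comment should say so. The loop body continues outside this hunk, so any other use of `bv` there should be checked to confirm whether it wants the original segment or the advanced one.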
@@ -1768,7 +1769,7 @@ again:
                                sectors_to_process -= ic->sectors_per_block;
                                pos += ic->sectors_per_block << SECTOR_SHIFT;
                                sector += ic->sectors_per_block;
-                       } while (pos < bv.bv_len && sectors_to_process && checksums != checksums_onstack);
+                       } while (pos < bv_copy.bv_len && sectors_to_process && checksums != checksums_onstack);
                        kunmap_local(mem);
 
                        r = dm_integrity_rw_tag(ic, checksums, &dio->metadata_block, &dio->metadata_offset,
@@ -1793,9 +1794,9 @@ again:
                        if (!sectors_to_process)
                                break;
 
-                       if (unlikely(pos < bv.bv_len)) {
-                               bv.bv_offset += pos;
-                               bv.bv_len -= pos;
+                       if (unlikely(pos < bv_copy.bv_len)) {
+                               bv_copy.bv_offset += pos;
+                               bv_copy.bv_len -= pos;
                                goto again;
                        }
                }
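Review bot: The retry branch at `if (unlikely(pos < bv_copy.bv_len))` is undocumented, and it is the only place the segment copy is modified. Judging from the `checksums != checksums_onstack` term in the `do … while` condition above, it appears to run when the on-stack checksum buffer is in use and the inner loop stops before the segment is finished. A short comment would make that explicit, for example `/* checksum buffer exhausted before the end of the segment: process the remainder */`. Because this path is only reached when the larger allocation fails, it gets little routine exercise, so a regression test that forces the fallback would be a useful companion to the fix. The enclosing function starts and ends outside the hunk.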

