From 1c0ac9b5673d72b4b2e15337708234a2f520fe1c Mon Sep 17 00:00:00 2001
From: Coly Li
Date: Apr 13 2024 06:43:53 +0000
Subject: dm flakey: don't corrupt the zero page (git-fixes).
---
diff --git a/patches.suse/dm-flakey-don-t-corrupt-the-zero-page-f507.patch b/patches.suse/dm-flakey-don-t-corrupt-the-zero-page-f507.patch
new file mode 100644
index 0000000..4201e25
--- /dev/null
+++ b/patches.suse/dm-flakey-don-t-corrupt-the-zero-page-f507.patch
@@ -0,0 +1,51 @@
+From f50714b57aecb6b3dc81d578e295f86d9c73f078 Mon Sep 17 00:00:00 2001
+From: Mikulas Patocka
+Date: Sun, 22 Jan 2023 14:02:57 -0500
+Subject: [PATCH] dm flakey: don't corrupt the zero page
+Git-commit: f50714b57aecb6b3dc81d578e295f86d9c73f078
+Patch-mainline: v6.3-rc1
+References: git-fixes
+
+When we need to zero some range on a block device, the function
+__blkdev_issue_zero_pages submits a write bio with the bio vector pointing
+to the zero page. If we use dm-flakey with corrupt bio writes option, it
+will corrupt the content of the zero page which results in crashes of
+various userspace programs. Glibc assumes that memory returned by mmap is
+zeroed and it uses it for calloc implementation; if the newly mapped
+memory is not zeroed, calloc will return non-zeroed memory.
+
+Fix this bug by testing if the page is equal to ZERO_PAGE(0) and
+avoiding the corruption in this case.
+
+Cc: stable@vger.kernel.org
+Fixes: a00f5276e266 ("dm flakey: Properly corrupt multi-page bios.")
+Signed-off-by: Mikulas Patocka
+Reviewed-by: Sweet Tea Dorminy
+Signed-off-by: Mike Snitzer
+Signed-off-by: Coly Li
+
+---
+ drivers/md/dm-flakey.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/md/dm-flakey.c b/drivers/md/dm-flakey.c
+index 89fa7a68c6c4..ff9ca5b2a47e 100644
+--- a/drivers/md/dm-flakey.c
++++ b/drivers/md/dm-flakey.c
+@@ -303,8 +303,11 @@ static void corrupt_bio_data(struct bio *bio, struct flakey_c *fc)
+ */
+ bio_for_each_segment(bvec, bio, iter) {
+ if (bio_iter_len(bio, iter) > corrupt_bio_byte) {
+- char *segment = (page_address(bio_iter_page(bio, iter))
+- + bio_iter_offset(bio, iter));
++ char *segment;
++ struct page *page = bio_iter_page(bio, iter);
++ if (unlikely(page == ZERO_PAGE(0)))
++ break;
++ segment = (page_address(page) + bio_iter_offset(bio, iter));
+ segment[corrupt_bio_byte] = fc->corrupt_bio_value;
+ DMDEBUG("Corrupting data bio=%p by writing %u to byte %u "
+ "(rw=%c bi_opf=%u bi_sector=%llu 
size=%u)\n",
+--
+2.35.3
+
diff --git a/series.conf b/series.conf
index 77d0e4d..061ce69 100644
--- a/series.conf
+++ b/series.conf
@@ -40067,6 +40067,7 @@
 patches.suse/docs-ftrace-fix-a-issue-with-duplicated-subtitle-num.patch
 patches.suse/docs-scripts-gdb-add-necessary-make-scripts_gdb-step.patch
 patches.suse/audit-update-the-mailing-list-in-MAINTAINERS.patch
+ patches.suse/dm-flakey-don-t-corrupt-the-zero-page-f507.patch
 patches.suse/dm-add-cond_resched-to-dm_wq_requeue_work-f776.patch
 patches.suse/scsi-libsas-Remove-useless-dev_list-delete-in-sas_ex_discover_end_dev.patch
 patches.suse/scsi-qla2xxx-check-if-port-is-online-before-sending-els.patch
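Review bot: The new `page == ZERO_PAGE(0)` guard in corrupt_bio_data() protects only that one page, and the store `segment[corrupt_bio_byte] = fc->corrupt_bio_value;` still writes in place into whatever page the submitter attached to the bio. Any other page that is shared or expected to stay unmodified (a page-cache page, or a differently coloured zero page on architectures where ZERO_PAGE() depends on the address) would presumably still be altered for every other user of that page. The identity check is therefore better treated as a stop-gap, and corrupting a private copy of the data rather than the caller's page would remove the whole class of bug. The early `break` is also silent and uncommented: a comment such as `/* the zero page is shared system-wide; never write to it */` above the test, plus a DMDEBUG line recording that the corruption was skipped, would help whoever debugs a test run that saw no corruption. The body of corrupt_bio_data() starts and ends outside this hunk, so the rest of the loop is not visible here.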