mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-12-14 23:26:39 +07:00
9471744767
The BUG_ON at the end of __bch_btree_mark_key can be triggered due to an integer overflow error: BITMASK(GC_SECTORS_USED, struct bucket, gc_mark, 2, 13); ... SET_GC_SECTORS_USED(g, min_t(unsigned, GC_SECTORS_USED(g) + KEY_SIZE(k), (1 << 14) - 1)); BUG_ON(!GC_SECTORS_USED(g)); In bcache.h, the SECTORS_USED bitfield is defined to be 13 bits wide. While the SET_ code tries to ensure that the field doesn't overflow by clamping it to (1<<14)-1 == 16383, this is incorrect because 16383 requires 14 bits. Therefore, if GC_SECTORS_USED() + KEY_SIZE() = 8192, the SET_ statement tries to store 8192 into a 13-bit field. In a 13-bit field, 8192 becomes zero, thus triggering the BUG_ON. Therefore, create a field width constant and a max value constant, and use those to create the bitfield and check the inputs to SET_GC_SECTORS_USED. Arguably the BITMASK() template ought to have BUG_ON checks for too-large values, but that's a separate patch. Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> |
||
|---|---|---|
| .. | ||
| alloc.c | ||
| bcache.h | ||
| bset.c | ||
| bset.h | ||
| btree.c | ||
| btree.h | ||
| closure.c | ||
| closure.h | ||
| debug.c | ||
| debug.h | ||
| extents.c | ||
| extents.h | ||
| io.c | ||
| journal.c | ||
| journal.h | ||
| Kconfig | ||
| Makefile | ||
| movinggc.c | ||
| request.c | ||
| request.h | ||
| stats.c | ||
| stats.h | ||
| super.c | ||
| sysfs.c | ||
| sysfs.h | ||
| trace.c | ||
| util.c | ||
| util.h | ||
| writeback.c | ||
| writeback.h | ||