From: Greg Kroah-Hartman Date: Tue, 25 May 2021 12:04:29 +0000 (+0200) Subject: drop dm-snapshot-fix-a-crash-when-an-origin-has-no-snapshots.patch from everywhere X-Git-Tag: v4.4.270~10 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e4845877a3a4ef8995222f4b5506d94e23ee72db;p=thirdparty%2Fkernel%2Fstable-queue.git drop dm-snapshot-fix-a-crash-when-an-origin-has-no-snapshots.patch from everywhere --- diff --git a/queue-4.14/dm-snapshot-fix-a-crash-when-an-origin-has-no-snapshots.patch b/queue-4.14/dm-snapshot-fix-a-crash-when-an-origin-has-no-snapshots.patch deleted file mode 100644 index 1364da42237..00000000000 --- a/queue-4.14/dm-snapshot-fix-a-crash-when-an-origin-has-no-snapshots.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 7ee06ddc4038f936b0d4459d37a7d4d844fb03db Mon Sep 17 00:00:00 2001 -From: Mikulas Patocka -Date: Fri, 7 May 2021 11:38:10 -0400 -Subject: dm snapshot: fix a crash when an origin has no snapshots - -From: Mikulas Patocka - -commit 7ee06ddc4038f936b0d4459d37a7d4d844fb03db upstream. - -If an origin target has no snapshots, o->split_boundary is set to 0. -This causes BUG_ON(sectors <= 0) in block/bio.c:bio_split(). - -Fix this by initializing chunk_size, and in turn split_boundary, to -rounddown_pow_of_two(UINT_MAX) -- the largest power of two that fits -into "unsigned" type. - -Reported-by: Michael Tokarev -Tested-by: Michael Tokarev -Cc: stable@vger.kernel.org -Signed-off-by: Mikulas Patocka -Signed-off-by: Mike Snitzer -Signed-off-by: Greg Kroah-Hartman ---- - drivers/md/dm-snap.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - ---- a/drivers/md/dm-snap.c -+++ b/drivers/md/dm-snap.c -@@ -793,12 +793,11 @@ static int dm_add_exception(void *contex - static uint32_t __minimum_chunk_size(struct origin *o) - { - struct dm_snapshot *snap; -- unsigned chunk_size = 0; -+ unsigned chunk_size = rounddown_pow_of_two(UINT_MAX); - - if (o) - list_for_each_entry(snap, &o->snapshots, list) -- chunk_size = min_not_zero(chunk_size, -- snap->store->chunk_size); -+ chunk_size = min(chunk_size, snap->store->chunk_size); - - return (uint32_t) chunk_size; - } diff --git a/queue-4.14/dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch b/queue-4.14/dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch index be15d0600b4..1ee8665aae1 100644 --- a/queue-4.14/dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch +++ b/queue-4.14/dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch @@ -31,7 +31,7 @@ Signed-off-by: Greg Kroah-Hartman --- a/drivers/md/dm-snap.c +++ b/drivers/md/dm-snap.c -@@ -1285,6 +1285,7 @@ static int snapshot_ctr(struct dm_target +@@ -1286,6 +1286,7 @@ static int snapshot_ctr(struct dm_target if (!s->store->chunk_size) { ti->error = "Chunk size not set"; diff --git a/queue-4.14/series b/queue-4.14/series index 163270b6d7b..2a49393995b 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -11,7 +11,6 @@ alsa-hda-realtek-reset-eapd-coeff-to-default-value-for-alc287.patch revert-rapidio-fix-a-null-pointer-dereference-when-create_workqueue-fails.patch rapidio-handle-create_workqueue-failure.patch xen-pciback-reconfigure-also-from-backend-watch-handler.patch -dm-snapshot-fix-a-crash-when-an-origin-has-no-snapshots.patch dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch revert-video-hgafb-fix-potential-null-pointer-dereference.patch revert-net-stmicro-fix-a-missing-check-of-clk_prepare.patch diff --git a/queue-4.19/dm-snapshot-fix-a-crash-when-an-origin-has-no-snapshots.patch b/queue-4.19/dm-snapshot-fix-a-crash-when-an-origin-has-no-snapshots.patch deleted file mode 100644 index 08f3d5d9f22..00000000000 --- a/queue-4.19/dm-snapshot-fix-a-crash-when-an-origin-has-no-snapshots.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 7ee06ddc4038f936b0d4459d37a7d4d844fb03db Mon Sep 17 00:00:00 2001 -From: Mikulas Patocka -Date: Fri, 7 May 2021 11:38:10 -0400 -Subject: dm snapshot: fix a crash when an origin has no snapshots - -From: Mikulas Patocka - -commit 7ee06ddc4038f936b0d4459d37a7d4d844fb03db upstream. - -If an origin target has no snapshots, o->split_boundary is set to 0. -This causes BUG_ON(sectors <= 0) in block/bio.c:bio_split(). - -Fix this by initializing chunk_size, and in turn split_boundary, to -rounddown_pow_of_two(UINT_MAX) -- the largest power of two that fits -into "unsigned" type. - -Reported-by: Michael Tokarev -Tested-by: Michael Tokarev -Cc: stable@vger.kernel.org -Signed-off-by: Mikulas Patocka -Signed-off-by: Mike Snitzer -Signed-off-by: Greg Kroah-Hartman ---- - drivers/md/dm-snap.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - ---- a/drivers/md/dm-snap.c -+++ b/drivers/md/dm-snap.c -@@ -794,12 +794,11 @@ static int dm_add_exception(void *contex - static uint32_t __minimum_chunk_size(struct origin *o) - { - struct dm_snapshot *snap; -- unsigned chunk_size = 0; -+ unsigned chunk_size = rounddown_pow_of_two(UINT_MAX); - - if (o) - list_for_each_entry(snap, &o->snapshots, list) -- chunk_size = min_not_zero(chunk_size, -- snap->store->chunk_size); -+ chunk_size = min(chunk_size, snap->store->chunk_size); - - return (uint32_t) chunk_size; - } diff --git a/queue-4.19/dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch b/queue-4.19/dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch index be15d0600b4..1ee8665aae1 100644 --- a/queue-4.19/dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch +++ b/queue-4.19/dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch @@ -31,7 +31,7 @@ Signed-off-by: Greg Kroah-Hartman --- a/drivers/md/dm-snap.c +++ b/drivers/md/dm-snap.c -@@ -1285,6 +1285,7 @@ static int snapshot_ctr(struct dm_target +@@ -1286,6 +1286,7 @@ static int snapshot_ctr(struct dm_target if (!s->store->chunk_size) { ti->error = "Chunk size not set"; diff --git a/queue-4.19/series b/queue-4.19/series index 70793c5aa2e..51cad92e4b5 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -20,7 +20,6 @@ revert-rapidio-fix-a-null-pointer-dereference-when-create_workqueue-fails.patch rapidio-handle-create_workqueue-failure.patch revert-serial-mvebu-uart-fix-to-avoid-a-potential-null-pointer-dereference.patch xen-pciback-reconfigure-also-from-backend-watch-handler.patch -dm-snapshot-fix-a-crash-when-an-origin-has-no-snapshots.patch dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch revert-video-hgafb-fix-potential-null-pointer-dereference.patch revert-net-stmicro-fix-a-missing-check-of-clk_prepare.patch diff --git a/queue-4.4/dm-snapshot-fix-a-crash-when-an-origin-has-no-snapshots.patch b/queue-4.4/dm-snapshot-fix-a-crash-when-an-origin-has-no-snapshots.patch deleted file mode 100644 index f5647292d6e..00000000000 --- a/queue-4.4/dm-snapshot-fix-a-crash-when-an-origin-has-no-snapshots.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 7ee06ddc4038f936b0d4459d37a7d4d844fb03db Mon Sep 17 00:00:00 2001 -From: Mikulas Patocka -Date: Fri, 7 May 2021 11:38:10 -0400 -Subject: dm snapshot: fix a crash when an origin has no snapshots - -From: Mikulas Patocka - -commit 7ee06ddc4038f936b0d4459d37a7d4d844fb03db upstream. - -If an origin target has no snapshots, o->split_boundary is set to 0. -This causes BUG_ON(sectors <= 0) in block/bio.c:bio_split(). - -Fix this by initializing chunk_size, and in turn split_boundary, to -rounddown_pow_of_two(UINT_MAX) -- the largest power of two that fits -into "unsigned" type. - -Reported-by: Michael Tokarev -Tested-by: Michael Tokarev -Cc: stable@vger.kernel.org -Signed-off-by: Mikulas Patocka -Signed-off-by: Mike Snitzer -Signed-off-by: Greg Kroah-Hartman ---- - drivers/md/dm-snap.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - ---- a/drivers/md/dm-snap.c -+++ b/drivers/md/dm-snap.c -@@ -789,12 +789,11 @@ static int dm_add_exception(void *contex - static uint32_t __minimum_chunk_size(struct origin *o) - { - struct dm_snapshot *snap; -- unsigned chunk_size = 0; -+ unsigned chunk_size = rounddown_pow_of_two(UINT_MAX); - - if (o) - list_for_each_entry(snap, &o->snapshots, list) -- chunk_size = min_not_zero(chunk_size, -- snap->store->chunk_size); -+ chunk_size = min(chunk_size, snap->store->chunk_size); - - return (uint32_t) chunk_size; - } diff --git a/queue-4.4/dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch b/queue-4.4/dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch index 56c3b903da7..7f51949c1fd 100644 --- a/queue-4.4/dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch +++ b/queue-4.4/dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch @@ -31,7 +31,7 @@ Signed-off-by: Greg Kroah-Hartman --- a/drivers/md/dm-snap.c +++ b/drivers/md/dm-snap.c -@@ -1264,6 +1264,7 @@ static int snapshot_ctr(struct dm_target +@@ -1265,6 +1265,7 @@ static int snapshot_ctr(struct dm_target if (!s->store->chunk_size) { ti->error = "Chunk size not set"; diff --git a/queue-4.4/series b/queue-4.4/series index f8c8c2ef6aa..5e8b949b589 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -6,7 +6,6 @@ alsa-usb-audio-validate-ms-endpoint-descriptors.patch alsa-bebob-oxfw-fix-kconfig-entry-for-mackie-d.2-pro.patch revert-alsa-sb8-add-a-check-for-request_region.patch xen-pciback-reconfigure-also-from-backend-watch-handler.patch -dm-snapshot-fix-a-crash-when-an-origin-has-no-snapshots.patch dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch revert-video-hgafb-fix-potential-null-pointer-dereference.patch revert-net-stmicro-fix-a-missing-check-of-clk_prepare.patch diff --git a/queue-4.9/dm-snapshot-fix-a-crash-when-an-origin-has-no-snapshots.patch b/queue-4.9/dm-snapshot-fix-a-crash-when-an-origin-has-no-snapshots.patch deleted file mode 100644 index 360f5481148..00000000000 --- a/queue-4.9/dm-snapshot-fix-a-crash-when-an-origin-has-no-snapshots.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 7ee06ddc4038f936b0d4459d37a7d4d844fb03db Mon Sep 17 00:00:00 2001 -From: Mikulas Patocka -Date: Fri, 7 May 2021 11:38:10 -0400 -Subject: dm snapshot: fix a crash when an origin has no snapshots - -From: Mikulas Patocka - -commit 7ee06ddc4038f936b0d4459d37a7d4d844fb03db upstream. - -If an origin target has no snapshots, o->split_boundary is set to 0. -This causes BUG_ON(sectors <= 0) in block/bio.c:bio_split(). - -Fix this by initializing chunk_size, and in turn split_boundary, to -rounddown_pow_of_two(UINT_MAX) -- the largest power of two that fits -into "unsigned" type. - -Reported-by: Michael Tokarev -Tested-by: Michael Tokarev -Cc: stable@vger.kernel.org -Signed-off-by: Mikulas Patocka -Signed-off-by: Mike Snitzer -Signed-off-by: Greg Kroah-Hartman ---- - drivers/md/dm-snap.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - ---- a/drivers/md/dm-snap.c -+++ b/drivers/md/dm-snap.c -@@ -788,12 +788,11 @@ static int dm_add_exception(void *contex - static uint32_t __minimum_chunk_size(struct origin *o) - { - struct dm_snapshot *snap; -- unsigned chunk_size = 0; -+ unsigned chunk_size = rounddown_pow_of_two(UINT_MAX); - - if (o) - list_for_each_entry(snap, &o->snapshots, list) -- chunk_size = min_not_zero(chunk_size, -- snap->store->chunk_size); -+ chunk_size = min(chunk_size, snap->store->chunk_size); - - return (uint32_t) chunk_size; - } diff --git a/queue-4.9/dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch b/queue-4.9/dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch index 19bf3812504..56c3b903da7 100644 --- a/queue-4.9/dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch +++ b/queue-4.9/dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch @@ -31,7 +31,7 @@ Signed-off-by: Greg Kroah-Hartman --- a/drivers/md/dm-snap.c +++ b/drivers/md/dm-snap.c -@@ -1263,6 +1263,7 @@ static int snapshot_ctr(struct dm_target +@@ -1264,6 +1264,7 @@ static int snapshot_ctr(struct dm_target if (!s->store->chunk_size) { ti->error = "Chunk size not set"; diff --git a/queue-4.9/series b/queue-4.9/series index 1e0cf8cc53b..71cd254cdd9 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -10,7 +10,6 @@ revert-alsa-sb8-add-a-check-for-request_region.patch revert-rapidio-fix-a-null-pointer-dereference-when-create_workqueue-fails.patch rapidio-handle-create_workqueue-failure.patch xen-pciback-reconfigure-also-from-backend-watch-handler.patch -dm-snapshot-fix-a-crash-when-an-origin-has-no-snapshots.patch dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch revert-video-hgafb-fix-potential-null-pointer-dereference.patch revert-net-stmicro-fix-a-missing-check-of-clk_prepare.patch diff --git a/queue-5.10/dm-snapshot-fix-a-crash-when-an-origin-has-no-snapshots.patch b/queue-5.10/dm-snapshot-fix-a-crash-when-an-origin-has-no-snapshots.patch deleted file mode 100644 index 94a509615e2..00000000000 --- a/queue-5.10/dm-snapshot-fix-a-crash-when-an-origin-has-no-snapshots.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 7ee06ddc4038f936b0d4459d37a7d4d844fb03db Mon Sep 17 00:00:00 2001 -From: Mikulas Patocka -Date: Fri, 7 May 2021 11:38:10 -0400 -Subject: dm snapshot: fix a crash when an origin has no snapshots - -From: Mikulas Patocka - -commit 7ee06ddc4038f936b0d4459d37a7d4d844fb03db upstream. - -If an origin target has no snapshots, o->split_boundary is set to 0. -This causes BUG_ON(sectors <= 0) in block/bio.c:bio_split(). - -Fix this by initializing chunk_size, and in turn split_boundary, to -rounddown_pow_of_two(UINT_MAX) -- the largest power of two that fits -into "unsigned" type. - -Reported-by: Michael Tokarev -Tested-by: Michael Tokarev -Cc: stable@vger.kernel.org -Signed-off-by: Mikulas Patocka -Signed-off-by: Mike Snitzer -Signed-off-by: Greg Kroah-Hartman ---- - drivers/md/dm-snap.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - ---- a/drivers/md/dm-snap.c -+++ b/drivers/md/dm-snap.c -@@ -854,12 +854,11 @@ static int dm_add_exception(void *contex - static uint32_t __minimum_chunk_size(struct origin *o) - { - struct dm_snapshot *snap; -- unsigned chunk_size = 0; -+ unsigned chunk_size = rounddown_pow_of_two(UINT_MAX); - - if (o) - list_for_each_entry(snap, &o->snapshots, list) -- chunk_size = min_not_zero(chunk_size, -- snap->store->chunk_size); -+ chunk_size = min(chunk_size, snap->store->chunk_size); - - return (uint32_t) chunk_size; - } diff --git a/queue-5.10/dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch b/queue-5.10/dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch index f3d6a700546..ed52cde2ba0 100644 --- a/queue-5.10/dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch +++ b/queue-5.10/dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch @@ -31,7 +31,7 @@ Signed-off-by: Greg Kroah-Hartman --- a/drivers/md/dm-snap.c +++ b/drivers/md/dm-snap.c -@@ -1407,6 +1407,7 @@ static int snapshot_ctr(struct dm_target +@@ -1408,6 +1408,7 @@ static int snapshot_ctr(struct dm_target if (!s->store->chunk_size) { ti->error = "Chunk size not set"; diff --git a/queue-5.10/series b/queue-5.10/series index 48f3e252815..d1bfcc9e78f 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -67,7 +67,6 @@ mmc-sdhci-pci-gli-increase-1.8v-regulator-wait.patch xen-pciback-redo-vf-placement-in-the-virtual-topology.patch xen-pciback-reconfigure-also-from-backend-watch-handler.patch ipc-mqueue-msg-sem-avoid-relying-on-a-stack-reference-past-its-expiry.patch -dm-snapshot-fix-a-crash-when-an-origin-has-no-snapshots.patch dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch kcsan-fix-debugfs-initcall-return-type.patch revert-video-hgafb-fix-potential-null-pointer-dereference.patch diff --git a/queue-5.12/dm-snapshot-fix-a-crash-when-an-origin-has-no-snapshots.patch b/queue-5.12/dm-snapshot-fix-a-crash-when-an-origin-has-no-snapshots.patch deleted file mode 100644 index 94a509615e2..00000000000 --- a/queue-5.12/dm-snapshot-fix-a-crash-when-an-origin-has-no-snapshots.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 7ee06ddc4038f936b0d4459d37a7d4d844fb03db Mon Sep 17 00:00:00 2001 -From: Mikulas Patocka -Date: Fri, 7 May 2021 11:38:10 -0400 -Subject: dm snapshot: fix a crash when an origin has no snapshots - -From: Mikulas Patocka - -commit 7ee06ddc4038f936b0d4459d37a7d4d844fb03db upstream. - -If an origin target has no snapshots, o->split_boundary is set to 0. -This causes BUG_ON(sectors <= 0) in block/bio.c:bio_split(). - -Fix this by initializing chunk_size, and in turn split_boundary, to -rounddown_pow_of_two(UINT_MAX) -- the largest power of two that fits -into "unsigned" type. - -Reported-by: Michael Tokarev -Tested-by: Michael Tokarev -Cc: stable@vger.kernel.org -Signed-off-by: Mikulas Patocka -Signed-off-by: Mike Snitzer -Signed-off-by: Greg Kroah-Hartman ---- - drivers/md/dm-snap.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - ---- a/drivers/md/dm-snap.c -+++ b/drivers/md/dm-snap.c -@@ -854,12 +854,11 @@ static int dm_add_exception(void *contex - static uint32_t __minimum_chunk_size(struct origin *o) - { - struct dm_snapshot *snap; -- unsigned chunk_size = 0; -+ unsigned chunk_size = rounddown_pow_of_two(UINT_MAX); - - if (o) - list_for_each_entry(snap, &o->snapshots, list) -- chunk_size = min_not_zero(chunk_size, -- snap->store->chunk_size); -+ chunk_size = min(chunk_size, snap->store->chunk_size); - - return (uint32_t) chunk_size; - } diff --git a/queue-5.12/dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch b/queue-5.12/dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch index f3d6a700546..ed52cde2ba0 100644 --- a/queue-5.12/dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch +++ b/queue-5.12/dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch @@ -31,7 +31,7 @@ Signed-off-by: Greg Kroah-Hartman --- a/drivers/md/dm-snap.c +++ b/drivers/md/dm-snap.c -@@ -1407,6 +1407,7 @@ static int snapshot_ctr(struct dm_target +@@ -1408,6 +1408,7 @@ static int snapshot_ctr(struct dm_target if (!s->store->chunk_size) { ti->error = "Chunk size not set"; diff --git a/queue-5.12/series b/queue-5.12/series index 22286744206..e181c68a91d 100644 --- a/queue-5.12/series +++ b/queue-5.12/series @@ -90,7 +90,6 @@ xen-pciback-reconfigure-also-from-backend-watch-handler.patch ipc-mqueue-msg-sem-avoid-relying-on-a-stack-reference-past-its-expiry.patch userfaultfd-hugetlbfs-fix-new-flag-usage-in-error-path.patch revert-mm-gup-check-page-posion-status-for-coredump.patch -dm-snapshot-fix-a-crash-when-an-origin-has-no-snapshots.patch dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch kcsan-fix-debugfs-initcall-return-type.patch revert-video-hgafb-fix-potential-null-pointer-dereference.patch diff --git a/queue-5.4/dm-snapshot-fix-a-crash-when-an-origin-has-no-snapshots.patch b/queue-5.4/dm-snapshot-fix-a-crash-when-an-origin-has-no-snapshots.patch deleted file mode 100644 index 94a509615e2..00000000000 --- a/queue-5.4/dm-snapshot-fix-a-crash-when-an-origin-has-no-snapshots.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 7ee06ddc4038f936b0d4459d37a7d4d844fb03db Mon Sep 17 00:00:00 2001 -From: Mikulas Patocka -Date: Fri, 7 May 2021 11:38:10 -0400 -Subject: dm snapshot: fix a crash when an origin has no snapshots - -From: Mikulas Patocka - -commit 7ee06ddc4038f936b0d4459d37a7d4d844fb03db upstream. - -If an origin target has no snapshots, o->split_boundary is set to 0. -This causes BUG_ON(sectors <= 0) in block/bio.c:bio_split(). - -Fix this by initializing chunk_size, and in turn split_boundary, to -rounddown_pow_of_two(UINT_MAX) -- the largest power of two that fits -into "unsigned" type. - -Reported-by: Michael Tokarev -Tested-by: Michael Tokarev -Cc: stable@vger.kernel.org -Signed-off-by: Mikulas Patocka -Signed-off-by: Mike Snitzer -Signed-off-by: Greg Kroah-Hartman ---- - drivers/md/dm-snap.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - ---- a/drivers/md/dm-snap.c -+++ b/drivers/md/dm-snap.c -@@ -854,12 +854,11 @@ static int dm_add_exception(void *contex - static uint32_t __minimum_chunk_size(struct origin *o) - { - struct dm_snapshot *snap; -- unsigned chunk_size = 0; -+ unsigned chunk_size = rounddown_pow_of_two(UINT_MAX); - - if (o) - list_for_each_entry(snap, &o->snapshots, list) -- chunk_size = min_not_zero(chunk_size, -- snap->store->chunk_size); -+ chunk_size = min(chunk_size, snap->store->chunk_size); - - return (uint32_t) chunk_size; - } diff --git a/queue-5.4/dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch b/queue-5.4/dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch index f3d6a700546..ed52cde2ba0 100644 --- a/queue-5.4/dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch +++ b/queue-5.4/dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch @@ -31,7 +31,7 @@ Signed-off-by: Greg Kroah-Hartman --- a/drivers/md/dm-snap.c +++ b/drivers/md/dm-snap.c -@@ -1407,6 +1407,7 @@ static int snapshot_ctr(struct dm_target +@@ -1408,6 +1408,7 @@ static int snapshot_ctr(struct dm_target if (!s->store->chunk_size) { ti->error = "Chunk size not set"; diff --git a/queue-5.4/series b/queue-5.4/series index 3b98ccff963..bf455ef7387 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -39,7 +39,6 @@ drm-amdgpu-update-gc-golden-setting-for-navi12.patch drm-amdgpu-update-sdma-golden-setting-for-navi12.patch mmc-sdhci-pci-gli-increase-1.8v-regulator-wait.patch xen-pciback-reconfigure-also-from-backend-watch-handler.patch -dm-snapshot-fix-a-crash-when-an-origin-has-no-snapshots.patch dm-snapshot-fix-crash-with-transient-storage-and-zero-chunk-size.patch revert-video-hgafb-fix-potential-null-pointer-dereference.patch revert-net-stmicro-fix-a-missing-check-of-clk_prepare.patch