From c7a2bd19b7c1e0bd2c7604c53d2583e91e536948 Mon Sep 17 00:00:00 2001
From: Takahiro Yasui <tyasui@redhat.com>
Date: Tue, 6 Jan 2009 03:04:56 +0000
Subject: dm log: fix dm_io_client leak on error paths

In create_log_context function, dm_io_client_destroy function needs
to be called, when memory allocation of disk_header, sync_bits and
recovering_bits failed, but dm_io_client_destroy is not called.

Cc: stable@kernel.org
Signed-off-by: Takahiro Yasui <tyasui@redhat.com>
Acked-by: Jonathan Brassow <jbrassow@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
---
 drivers/md/dm-log.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'drivers/md/dm-log.c')

diff --git a/drivers/md/dm-log.c b/drivers/md/dm-log.c
index a8c0fc79ca78..13e2a1a1a941 100644
--- a/drivers/md/dm-log.c
+++ b/drivers/md/dm-log.c
@@ -467,6 +467,7 @@ static int create_log_context(struct dm_dirty_log *log, struct dm_target *ti,
 		lc->disk_header = vmalloc(buf_size);
 		if (!lc->disk_header) {
 			DMWARN("couldn't allocate disk log buffer");
+			dm_io_client_destroy(lc->io_req.client);
 			kfree(lc);
 			return -ENOMEM;
 		}
@@ -482,6 +483,8 @@ static int create_log_context(struct dm_dirty_log *log, struct dm_target *ti,
 		DMWARN("couldn't allocate sync bitset");
 		if (!dev)
 			vfree(lc->clean_bits);
+		else
+			dm_io_client_destroy(lc->io_req.client);
 		vfree(lc->disk_header);
 		kfree(lc);
 		return -ENOMEM;
@@ -495,6 +498,8 @@ static int create_log_context(struct dm_dirty_log *log, struct dm_target *ti,
 		vfree(lc->sync_bits);
 		if (!dev)
 			vfree(lc->clean_bits);
+		else
+			dm_io_client_destroy(lc->io_req.client);
 		vfree(lc->disk_header);
 		kfree(lc);
 		return -ENOMEM;
-- 
cgit v1.2.1


From 6f3af01cb0eda0ec50fe1e4cbdf028269dc396fe Mon Sep 17 00:00:00 2001
From: Takahiro Yasui <tyasui@redhat.com>
Date: Tue, 6 Jan 2009 03:04:59 +0000
Subject: dm log: avoid reinitialising io_req on every operation

rw_header function updates three members of io_req data every time
when I/O is processed. bi_rw and notify.fn are never modified once
they get initialized, and so they can be set in advance.

header_to_disk() can also be pulled out of write_header() since only one
caller needs it and write_header() can be replaced by rw_header()
directly.

Signed-off-by: Takahiro Yasui <tyasui@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
---
 drivers/md/dm-log.c | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

(limited to 'drivers/md/dm-log.c')

diff --git a/drivers/md/dm-log.c b/drivers/md/dm-log.c
index 13e2a1a1a941..691cb9c22b56 100644
--- a/drivers/md/dm-log.c
+++ b/drivers/md/dm-log.c
@@ -326,8 +326,6 @@ static void header_from_disk(struct log_header *core, struct log_header *disk)
 static int rw_header(struct log_c *lc, int rw)
 {
 	lc->io_req.bi_rw = rw;
-	lc->io_req.mem.ptr.vma = lc->disk_header;
-	lc->io_req.notify.fn = NULL;
 
 	return dm_io(&lc->io_req, 1, &lc->header_location, NULL);
 }
@@ -362,12 +360,6 @@ static int read_header(struct log_c *log)
 	return 0;
 }
 
-static inline int write_header(struct log_c *log)
-{
-	header_to_disk(&log->header, log->disk_header);
-	return rw_header(log, WRITE);
-}
-
 /*----------------------------------------------------------------
  * core log constructor/destructor
  *
@@ -454,7 +446,9 @@ static int create_log_context(struct dm_dirty_log *log, struct dm_target *ti,
 		buf_size = dm_round_up((LOG_OFFSET << SECTOR_SHIFT) +
 				       bitset_size, ti->limits.hardsect_size);
 		lc->header_location.count = buf_size >> SECTOR_SHIFT;
+
 		lc->io_req.mem.type = DM_IO_VMA;
+		lc->io_req.notify.fn = NULL;
 		lc->io_req.client = dm_io_client_create(dm_div_up(buf_size,
 								   PAGE_SIZE));
 		if (IS_ERR(lc->io_req.client)) {
@@ -472,6 +466,7 @@ static int create_log_context(struct dm_dirty_log *log, struct dm_target *ti,
 			return -ENOMEM;
 		}
 
+		lc->io_req.mem.ptr.vma = lc->disk_header;
 		lc->clean_bits = (void *)lc->disk_header +
 				 (LOG_OFFSET << SECTOR_SHIFT);
 	}
@@ -636,8 +631,10 @@ static int disk_resume(struct dm_dirty_log *log)
 	/* set the correct number of regions in the header */
 	lc->header.nr_regions = lc->region_count;
 
+	header_to_disk(&lc->header, lc->disk_header);
+
 	/* write the new header */
-	r = write_header(lc);
+	r = rw_header(lc, WRITE);
 	if (r) {
 		DMWARN("%s: Failed to write header on dirty region log device",
 		       lc->log_dev->name);
@@ -687,7 +684,7 @@ static int disk_flush(struct dm_dirty_log *log)
 	if (!lc->touched)
 		return 0;
 
-	r = write_header(lc);
+	r = rw_header(lc, WRITE);
 	if (r)
 		fail_log_device(lc);
 	else
-- 
cgit v1.2.1


From 2045e88edb4e0c9ce62d317f77dc59d27d9c530e Mon Sep 17 00:00:00 2001
From: Milan Broz <mbroz@redhat.com>
Date: Tue, 6 Jan 2009 03:05:01 +0000
Subject: dm log: move region_size validation

Move log size validation from mirror target to log constructor.

Removed PAGE_SIZE restriction we no longer think necessary.

Signed-off-by: Milan Broz <mbroz@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
---
 drivers/md/dm-log.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

(limited to 'drivers/md/dm-log.c')

diff --git a/drivers/md/dm-log.c b/drivers/md/dm-log.c
index 691cb9c22b56..40ed70df6736 100644
--- a/drivers/md/dm-log.c
+++ b/drivers/md/dm-log.c
@@ -360,6 +360,17 @@ static int read_header(struct log_c *log)
 	return 0;
 }
 
+static int _check_region_size(struct dm_target *ti, uint32_t region_size)
+{
+	if (region_size < 2 || region_size > ti->len)
+		return 0;
+
+	if (!is_power_of_2(region_size))
+		return 0;
+
+	return 1;
+}
+
 /*----------------------------------------------------------------
  * core log constructor/destructor
  *
@@ -395,8 +406,9 @@ static int create_log_context(struct dm_dirty_log *log, struct dm_target *ti,
 		}
 	}
 
-	if (sscanf(argv[0], "%u", &region_size) != 1) {
-		DMWARN("invalid region size string");
+	if (sscanf(argv[0], "%u", &region_size) != 1 ||
+	    !_check_region_size(ti, region_size)) {
+		DMWARN("invalid region size %s", argv[0]);
 		return -EINVAL;
 	}
 
-- 
cgit v1.2.1


From ac1f0ac22c7be908fd33407273b9808bfaedada4 Mon Sep 17 00:00:00 2001
From: Milan Broz <mbroz@redhat.com>
Date: Tue, 6 Jan 2009 03:05:02 +0000
Subject: dm log: ensure log bitmap fits on log device

Check that the log bitmap will fit within the log device.

Signed-off-by: Milan Broz <mbroz@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
---
 drivers/md/dm-log.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'drivers/md/dm-log.c')

diff --git a/drivers/md/dm-log.c b/drivers/md/dm-log.c
index 40ed70df6736..737961f275c1 100644
--- a/drivers/md/dm-log.c
+++ b/drivers/md/dm-log.c
@@ -457,6 +457,14 @@ static int create_log_context(struct dm_dirty_log *log, struct dm_target *ti,
 		 */
 		buf_size = dm_round_up((LOG_OFFSET << SECTOR_SHIFT) +
 				       bitset_size, ti->limits.hardsect_size);
+
+		if (buf_size > dev->bdev->bd_inode->i_size) {
+			DMWARN("log device %s too small: need %llu bytes",
+				dev->name, (unsigned long long)buf_size);
+			kfree(lc);
+			return -EINVAL;
+		}
+
 		lc->header_location.count = buf_size >> SECTOR_SHIFT;
 
 		lc->io_req.mem.type = DM_IO_VMA;
-- 
cgit v1.2.1