linux-hardened/arch/m68k
Andreas Schwab ea077b1b96 m68k: Truncate base in do_div()
Explicitly truncate the second operand of do_div() to 32 bits to guard
against bogus code calling it with a 64-bit divisor.

[Thorsten]

After upgrading from 3.2 to 3.10, mounting a btrfs volume fails with:

btrfs: setting nodatacow, compression disabled
btrfs: enabling auto recovery
btrfs: disk space caching is enabled
*** ZERO DIVIDE ***   FORMAT=2
Current process id is 722
BAD KERNEL TRAP: 00000000
Modules linked in: evdev mac_hid ext4 crc16 jbd2 mbcache btrfs xor lzo_compress zlib_deflate raid6_pq crc32c libcrc32c
PC: [<319535b2>] __btrfs_map_block+0x11c/0x119a [btrfs]
SR: 2000  SP: 30c1fab4  a2: 30f0faf0
d0: 00000000    d1: 00001000    d2: 00000000    d3: 00000000
d4: 00010000    d5: 00000000    a0: 3085c72c    a1: 3085c72c
Process mount (pid: 722, task=30f0faf0)
Frame format=2 instr addr=319535ae
Stack from 30c1faec:
        00000000 00000020 00000000 00001000 00000000 01401000 30253928 300ffc00
        00a843ac 3026f640 00000000 00010000 0009e250 00d106c0 00011220 00000000
        00001000 301c6830 0009e32a 000000ff 00000009 3085c72c 00000000 00000000
        30c1fd14 00000000 00000020 00000000 30c1fd14 0009e26c 00000020 00000003
        00000000 0009dd8a 300b0b6c 30253928 00a843ac 00001000 00000000 00000000
        0000a008 3194e76a 30253928 00a843ac 00001000 00000000 00000000 00000002
Call Trace: [<00001000>] kernel_pg_dir+0x0/0x1000

    [...]

Code: 222e ff74 2a2e ff5c 2c2e ff60 4c45 1402 <2d40> ff64 2d41 ff68 2205 4c2e 1800 ff68 4c04 0800 2041 d1c0 2206 4c2e 1400 ff68

[Geert]

As diagnosed by Andreas, fs/btrfs/volumes.c:__btrfs_map_block()
calls

    do_div(stripe_nr, stripe_len);

with stripe_len u64, while do_div() assumes the divisor is a 32-bit number.

Due to the lack of truncation in the m68k-specific implementation of
do_div(), the division is performed using the upper 32-bit word of
stripe_len, which is zero.

This was introduced by commit 53b381b3ab
("Btrfs: RAID5 and RAID6"), which changed the divisor from
map->stripe_len (struct map_lookup.stripe_len is int) to a 64-bit temporary.

Reported-by: Thorsten Glaser <tg@debian.org>
Signed-off-by: Andreas Schwab <schwab@linux-m68k.org>
Tested-by: Thorsten Glaser <tg@debian.org>
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: stable@vger.kernel.org
2013-08-14 11:46:30 +02:00
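The do_div() contract and the failure mode the commit describes, modelled in portable C as an added example. This is not the m68k macro from arch/m68k/include/asm/div64.h (that one is inline asm); do_div_model(), divisor_seen_unfixed(), divisor_seen_fixed(), map_stripe() and the DO_DIV_CHECKED macro are hypothetical names introduced here, the two divisor_seen_* helpers simply encode what the message says each variant feeds to the divide (upper word before the fix, truncated lower word after), and the stripe length and offset are constructed inputs, not values taken from the register dump.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Portable model of the do_div(n, base) contract: n is a 64-bit lvalue and
 * base a 32-bit divisor; the quotient is written back into n and the
 * remainder is returned. Not the m68k inline-asm implementation, only a
 * model of its interface.
 */
static uint32_t do_div_model(uint64_t *n, uint32_t base)
{
    uint32_t rem = (uint32_t)(*n % base);

    *n /= base;
    return rem;
}

/*
 * Divisor the divide instruction actually receives when a caller hands over a
 * 64-bit value. Assumption: these two helpers encode the behaviour the commit
 * message describes (pre-fix: the upper 32-bit word is used; fixed: the value
 * is truncated to its lower 32 bits).
 */
static uint32_t divisor_seen_unfixed(uint64_t base) { return (uint32_t)(base >> 32); }
static uint32_t divisor_seen_fixed(uint64_t base)   { return (uint32_t)base; }

/*
 * Compile-time guard for callers, in the style of the kernel's
 * BUILD_BUG_ON_ZERO: a divisor that is not 32 bits wide produces a char[-1]
 * and the build fails. Hypothetical helper, not a kernel API.
 */
#define DO_DIV_CHECKED(n, base)                                             \
    ((void)sizeof(char[1 - 2 * (sizeof(base) != sizeof(uint32_t))]),       \
     do_div_model(&(n), (uint32_t)(base)))

/*
 * Stripe mapping in the shape of the __btrfs_map_block() call quoted in the
 * commit message: stripe_nr = offset / stripe_len with the remainder as the
 * offset inside the stripe, stripe_len being a u64 temporary. Returns false
 * instead of dividing when the divisor the selected variant would use is
 * zero (the ZERO DIVIDE trap in the report).
 */
static bool map_stripe(uint64_t offset, uint64_t stripe_len, bool fixed,
                       uint64_t *stripe_nr, uint32_t *stripe_offset)
{
    uint32_t base = fixed ? divisor_seen_fixed(stripe_len)
                          : divisor_seen_unfixed(stripe_len);

    if (base == 0)
        return false;
    *stripe_nr = offset;
    *stripe_offset = do_div_model(stripe_nr, base);
    return true;
}

int main(void)
{
    /* Constructed inputs: a 64 KiB stripe length and an arbitrary offset. */
    uint64_t stripe_len = 0x10000;
    uint64_t offset = 0x1401000;
    uint64_t stripe_nr;
    uint32_t stripe_offset;
    uint32_t len32 = (uint32_t)stripe_len;
    uint64_t n = offset;
    uint32_t rem;

    if (!map_stripe(offset, stripe_len, false, &stripe_nr, &stripe_offset))
        printf("pre-fix: divisor seen = %u -> zero divide\n",
               divisor_seen_unfixed(stripe_len));

    if (map_stripe(offset, stripe_len, true, &stripe_nr, &stripe_offset))
        printf("fixed:   stripe_nr=%llu stripe_offset=%u\n",
               (unsigned long long)stripe_nr, stripe_offset);

    /* Builds only because len32 is 32 bits wide; declaring it uint64_t
     * turns this line into a compile error instead of a runtime trap. */
    rem = DO_DIV_CHECKED(n, len32);
    printf("checked: n=%llu rem=%u\n", (unsigned long long)n, rem);
    return 0;
}
```

The point of the guard macro is that a caller such as the one in fs/btrfs/volumes.c would have been rejected at build time rather than dividing by the zero upper word on one architecture and working by accident on the others.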
amiga m68k: set arch_gettimeoffset directly 2012-12-24 09:36:34 -07:00
apollo m68k: set arch_gettimeoffset directly 2012-12-24 09:36:34 -07:00
atari m68k/atari: USB - add platform devices for EtherNAT/NetUSBee ISP1160 HCD 2013-04-16 21:35:41 +02:00
bvme6000 m68k: set arch_gettimeoffset directly 2012-12-24 09:36:34 -07:00
configs m68k/q40: Enable PC parallel port in defconfig 2013-06-24 19:44:30 +02:00
emu m68k/atari: ARAnyM - Fix NatFeat module support 2013-08-14 11:46:30 +02:00
fpsp040 Fix common misspellings 2011-03-31 11:26:23 -03:00
hp300 m68k: set arch_gettimeoffset directly 2012-12-24 09:36:34 -07:00
ifpsp060 Fix common misspellings 2011-03-31 11:26:23 -03:00
include m68k: Truncate base in do_div() 2013-08-14 11:46:30 +02:00
kernel Merge branch 'exotic-arch-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k 2013-07-03 11:12:08 -07:00
lib m68k/uaccess: Fix asm constraints for userspace access 2013-06-24 19:44:19 +02:00
mac m68k: set arch_gettimeoffset directly 2012-12-24 09:36:34 -07:00
math-emu m68k/math-emu: unsigned issue, 'unsigned long' will never be less than zero 2013-06-24 19:44:19 +02:00
mm mm/m68k: fix build warning of unused variable 2013-07-03 16:07:39 -07:00
mvme16x m68k: set arch_gettimeoffset directly 2012-12-24 09:36:34 -07:00
mvme147 m68k: set arch_gettimeoffset directly 2012-12-24 09:36:34 -07:00
platform m68k/PCI: Remove redundant call of pci_bus_add_devices() 2013-06-14 17:38:39 -06:00
q40 m68k: set arch_gettimeoffset directly 2012-12-24 09:36:34 -07:00
sun3 m68k/sun3: remove inline marking of EXPORT_SYMBOL functions 2013-06-24 19:44:18 +02:00
sun3x m68k: set arch_gettimeoffset directly 2012-12-24 09:36:34 -07:00
tools/amiga Convert files to UTF-8 and some cleanups 2007-10-19 23:21:04 +02:00
install.sh kbuild: use INSTALLKERNEL to select customized installkernel script 2009-09-20 12:18:14 +02:00
Kconfig idle: Remove GENERIC_IDLE_LOOP config switch 2013-04-17 10:39:38 +02:00
Kconfig.bus m68k/atari: ROM port ISA adapter support 2013-04-16 21:08:11 +02:00
Kconfig.cpu Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu 2013-05-10 07:22:35 -07:00
Kconfig.debug m68k: remove CONFIG_EARLY_PRINTK dependency on CONFIG_EMBEDDED, default to n 2013-06-24 19:44:18 +02:00
Kconfig.devices m68k/atari: EtherNEC - add platform device support 2013-04-16 21:20:14 +02:00
Kconfig.machine m68knommu: add support for configuring a Freescale M5373EVB board 2013-04-29 09:17:59 +10:00
Makefile m68knommu: add support for the ColdFire 537x family of CPUs 2013-04-29 09:17:58 +10:00