From: Lars Ellenberg Date: Wed, 23 Oct 2013 08:59:18 +0000 (+0200) Subject: drbd: fix decoding of bitmap vli rle for device sizes > 64 TB X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=d2da5b0cb522c48f8e2f311e6e9b212535371b56;p=GitHub%2Fexynos8895%2Fandroid_kernel_samsung_universal8895.git drbd: fix decoding of bitmap vli rle for device sizes > 64 TB Symptoms: disconnect after bitmap exchange due to bitmap overflow (e:49731075554) while decoding bm RLE packet In the decoding step of the variable length integer run length encoding there was potentially an uncatched bitshift by wordsize (variable >> 64). The result of which is "undefined" :( (only "sometimes" the result is the desired 0) Fix: don't do any bit shift magic for shift == 64, just assign. Signed-off-by: Philipp Reisner Signed-off-by: Lars Ellenberg Signed-off-by: Jens Axboe --- diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c index 12c59eb3b127..6fa6673b36b3 100644 --- a/drivers/block/drbd/drbd_receiver.c +++ b/drivers/block/drbd/drbd_receiver.c @@ -4125,7 +4125,11 @@ recv_bm_rle_bits(struct drbd_conf *mdev, (unsigned int)bs.buf_len); return -EIO; } - look_ahead >>= bits; + /* if we consumed all 64 bits, assign 0; >> 64 is "undefined"; */ + if (likely(bits < 64)) + look_ahead >>= bits; + else + look_ahead = 0; have -= bits; bits = bitstream_get_bits(&bs, &tmp, 64 - have);