[PATCH] block: fix BLKSECDISCARD zero-length range causing page cache invalidation

From: Zizhi Wo

Date: Sat Jul 04 2026 - 03:47:50 EST


From: Zizhi Wo <wozizhi@xxxxxxxxxx>

Commit 697ba0b6ec4a ("block: fix integer overflow in BLKSECDISCARD") fixed
the start+len overflow via check_add_overflow() but did not handle the
start=0, len=0 case. There, start + len = 0, so end = 0 passes all checks,
and truncate_bdev_range()->truncate_inode_pages_range() is then called with
lend=UINT64_MAX, whitch is the "truncate to the end of file" sentinel, so
the entire page cache is invalidated.

Fix this by replacing the validation with blk_validate_byte_range(), which
already rejects a zero-length range and is what BLKDISCARD uses. This also
switches the alignment check from a hardcoded 512 to
bdev_logical_block_size().

Signed-off-by: Zizhi Wo <wozizhi@xxxxxxxxxx>
---
block/ioctl.c | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/block/ioctl.c b/block/ioctl.c
index 3d4ea1537457..3b7d33a737e8 100644
--- a/block/ioctl.c
+++ b/block/ioctl.c
@@ -176,8 +176,7 @@ static int blk_ioctl_discard(struct block_device *bdev, blk_mode_t mode,
static int blk_ioctl_secure_erase(struct block_device *bdev, blk_mode_t mode,
void __user *argp)
{
- uint64_t start, len, end;
- uint64_t range[2];
+ uint64_t range[2], start, len;
int err;

if (!(mode & BLK_OPEN_WRITE))
@@ -189,15 +188,13 @@ static int blk_ioctl_secure_erase(struct block_device *bdev, blk_mode_t mode,

start = range[0];
len = range[1];
- if ((start & 511) || (len & 511))
- return -EINVAL;
- if (check_add_overflow(start, len, &end) ||
- end > bdev_nr_bytes(bdev))
- return -EINVAL;
+ err = blk_validate_byte_range(bdev, start, len);
+ if (err)
+ return err;

inode_lock(bdev->bd_mapping->host);
filemap_invalidate_lock(bdev->bd_mapping);
- err = truncate_bdev_range(bdev, mode, start, end - 1);
+ err = truncate_bdev_range(bdev, mode, start, start + len - 1);
if (!err)
err = blkdev_issue_secure_erase(bdev, start >> 9, len >> 9,
GFP_KERNEL);
--
2.52.0