From 304f0802d1d97a15a19033d120e71c9ddfbec632 Mon Sep 17 00:00:00 2001
From: Kozlowski Mateusz <mateusz.kozlowski@intel.com>
Date: Fri, 4 Nov 2022 10:02:15 +0100
Subject: [PATCH] lib/ftl: Fix segfault in recovery path of unmap

The ftl_md_get_buffer_size returns the buffer size in bytes, so we
should divide by the block size, instead of this smaller value. Risks
touching bad memory during dirty shutdown recovery, especially in >16TiB
drives.

Signed-off-by: Kozlowski Mateusz <mateusz.kozlowski@intel.com>
Signed-off-by: Mariusz Barczak <mariusz.barczak@intel.com>
Change-Id: I4095b00a79a1bdbce5046dc46349a9670e41b18e
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/15259
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Community-CI: Mellanox Build Bot
Reviewed-by: Ben Walker <benjamin.walker@intel.com>
Reviewed-by: Jim Harris <james.r.harris@intel.com>
---
 lib/ftl/mngt/ftl_mngt_recovery.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ftl/mngt/ftl_mngt_recovery.c b/lib/ftl/mngt/ftl_mngt_recovery.c
index 2ab7cc68e..751ec7fc1 100644
--- a/lib/ftl/mngt/ftl_mngt_recovery.c
+++ b/lib/ftl/mngt/ftl_mngt_recovery.c
@@ -770,7 +770,7 @@ ftl_mngt_recover_unmap_map_cb(struct spdk_ftl_dev *dev, struct ftl_md *md, int s
 		return;
 	}
 
-	num_md_blocks = ftl_md_get_buffer_size(md) / lbas_in_page;
+	num_md_blocks = ftl_md_get_buffer_size(md) / FTL_BLOCK_SIZE;
 
 	for (i = 0; i < num_md_blocks; ++i, page_vss++) {
 		lba = page_vss->unmap.start_lba;