[RFC PATCH v1 6/8] zram: avoid access beyond the zram device

From: Jiang Liu
Date: Mon Jun 03 2013 - 11:45:17 EST


Function valid_io_request() should verify the entire request doesn't
exceed the zram device, otherwise it will cause invalid memory access.

Signed-off-by: Jiang Liu <jiang.liu@xxxxxxxxxx>
---
drivers/staging/zram/zram_drv.c | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/drivers/staging/zram/zram_drv.c b/drivers/staging/zram/zram_drv.c
index 66cf28a..64b51b9 100644
--- a/drivers/staging/zram/zram_drv.c
+++ b/drivers/staging/zram/zram_drv.c
@@ -428,6 +428,10 @@ static inline int valid_io_request(struct zram *zram, struct bio *bio)
return 0;
}

+ if (unlikely((bio->bi_sector << SECTOR_SHIFT) + bio->bi_size >=
+ zram->disksize))
+ return 0;
+
/* I/O request is valid */
return 1;
}
--
1.8.1.2

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/