[PATCH 1/8] Guard bvec iteration logic

From: Dmitry Monakhov
Date: Thu Mar 30 2017 - 09:50:33 EST

Next message: Dmitry Monakhov: "[PATCH 6/8] bio-integrity: add bio_integrity_setup helper"
Previous message: Dmitry Monakhov: "[PATCH 8/8] tcm_fileio: Prevent information leak for short reads"
In reply to: Dmitry Monakhov: "[PATCH 8/8] tcm_fileio: Prevent information leak for short reads"
Next in thread: Ming Lei: "Re: [PATCH 1/8] Guard bvec iteration logic"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

If some one try to attempt advance bvec beyond it's size we simply
dump WARN_ONCE and continue to iterate beyond bvec array boundaries.
This simply means that we endup dereferencing/corrupting random memory
region.

Code was added long time ago here 4550dd6c, luckily no one hit it
in real life :)

Signed-off-by: Dmitry Monakhov <dmonakhov@xxxxxxxxxx>
---
include/linux/bvec.h | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/include/linux/bvec.h b/include/linux/bvec.h
index 89b65b8..86b914f 100644
--- a/include/linux/bvec.h
+++ b/include/linux/bvec.h
@@ -70,8 +70,7 @@ static inline void bvec_iter_advance(const struct bio_vec *bv,
struct bvec_iter *iter,
unsigned bytes)
{
- WARN_ONCE(bytes > iter->bi_size,
- "Attempted to advance past end of bvec iter\n");
+ BUG_ON(bytes > iter->bi_size);

while (bytes) {
unsigned iter_len = bvec_iter_len(bv, *iter);
--
2.9.3

Next message: Dmitry Monakhov: "[PATCH 6/8] bio-integrity: add bio_integrity_setup helper"
Previous message: Dmitry Monakhov: "[PATCH 8/8] tcm_fileio: Prevent information leak for short reads"
In reply to: Dmitry Monakhov: "[PATCH 8/8] tcm_fileio: Prevent information leak for short reads"
Next in thread: Ming Lei: "Re: [PATCH 1/8] Guard bvec iteration logic"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]