[PATCH 03/18] fs_context: fix detecting full log buffer

From: Eric Biggers
Date: Sun Jul 08 2018 - 17:09:25 EST


From: Eric Biggers <ebiggers@xxxxxxxxxx>

When 'head' and 'tail' wrap around, 'log->head - log->tail' will be
something like '4 - 252 = -248', and comparing that directly to the
array size is wrong. Fix by casting to 'u8'.

Fixes: 09aeca629fb3 ("vfs: Implement logging through fs_context")
Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
---
fs/fs_context.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fs/fs_context.c b/fs/fs_context.c
index 97e8c1dc4e3b1..a0e22f4c6b64a 100644
--- a/fs/fs_context.c
+++ b/fs/fs_context.c
@@ -418,7 +418,9 @@ void logfc(struct fs_context *fc, const char *fmt, ...)
freeable = 0;
store_string:
index = log->head & (logsize - 1);
- if ((int)log->head - (int)log->tail == 8) {
+ BUILD_BUG_ON(sizeof(log->head) != sizeof(u8) ||
+ sizeof(log->tail) != sizeof(u8));
+ if ((u8)(log->head - log->tail) == logsize) {
/* The buffer is full, discard the oldest message */
if (log->need_free & (1 << index))
kfree(log->buffer[index]);
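Review bot: The new full-buffer test `(u8)(log->head - log->tail) == logsize` is only consistent with the slot index `log->head & (logsize - 1)` when logsize is a power of two that the u8 counters wrap on evenly, and the BUILD_BUG_ON added above it checks the counter width but not that property. Since a u8 difference can never reach 256, logsize also has to be at most 128 for the "full" condition to be reachable. If logsize is a compile-time constant (its definition is outside the visible context), consider asserting this next to the existing check, for example with `BUILD_BUG_ON_NOT_POWER_OF_2(logsize)` plus a bound on its value. A short comment above the `if` stating that the cast undoes the promotion of the u8 operands to int would also help, since the removed `(int)` casts show how easily this comparison goes wrong.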
--
2.18.0