[PATCH 1/8] Guard bvec iteration logic
From: Dmitry Monakhov <hidden>
Date: 2017-03-30 13:49:59
Also in:
lkml
Subsystem:
the rest · Maintainer:
Linus Torvalds
From: Dmitry Monakhov <hidden>
Date: 2017-03-30 13:49:59
Also in:
lkml
Subsystem:
the rest · Maintainer:
Linus Torvalds
If some one try to attempt advance bvec beyond it's size we simply dump WARN_ONCE and continue to iterate beyond bvec array boundaries. This simply means that we endup dereferencing/corrupting random memory region. Code was added long time ago here 4550dd6c, luckily no one hit it in real life :) Signed-off-by: Dmitry Monakhov <redacted> --- include/linux/bvec.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/include/linux/bvec.h b/include/linux/bvec.h
index 89b65b8..86b914f 100644
--- a/include/linux/bvec.h
+++ b/include/linux/bvec.h@@ -70,8 +70,7 @@ static inline void bvec_iter_advance(const struct bio_vec *bv, struct bvec_iter *iter, unsigned bytes) { - WARN_ONCE(bytes > iter->bi_size, - "Attempted to advance past end of bvec iter\n"); + BUG_ON(bytes > iter->bi_size); while (bytes) { unsigned iter_len = bvec_iter_len(bv, *iter);
--
2.9.3