Re: [PATCH 1/8] Guard bvec iteration logic

[PATCH 0/8] block: T10/DIF Fixes and cleanups · Dmitry Monakhov <hidden> · 2017-03-30
[PATCH 2/8] bio-integrity: Do not allocate integrity context for bio w/o data · Dmitry Monakhov <hidden> · 2017-03-30
[PATCH 6/8] bio-integrity: add bio_integrity_setup helper · Dmitry Monakhov <hidden> · 2017-03-30
Re: [PATCH 6/8] bio-integrity: add bio_integrity_setup helper · kbuild test robot <hidden> · 2017-03-31
[PATCH 1/8] Guard bvec iteration logic · Dmitry Monakhov <hidden> · 2017-03-30
Re: [PATCH 1/8] Guard bvec iteration logic · Ming Lei <tom.leiming@gmail.com> · 2017-03-31
[PATCH 5/8] bio-integrity: fix interface for bio_integrity_trim · Dmitry Monakhov <hidden> · 2017-03-30
[PATCH 8/8] tcm_fileio: Prevent information leak for short reads · Dmitry Monakhov <hidden> · 2017-03-30
[PATCH 7/8] T10: Move opencoded contants to common header · Dmitry Monakhov <hidden> · 2017-03-30
Re: [PATCH 7/8] T10: Move opencoded contants to common header · kbuild test robot <hidden> · 2017-03-31
[PATCH 4/8] bio-integrity: bio_trim should truncate integrity vector accordingly · Dmitry Monakhov <hidden> · 2017-03-30
[PATCH 3/8] bio-integrity: save original iterator for verify stage · Dmitry Monakhov <hidden> · 2017-03-30

From: Ming Lei <tom.leiming@gmail.com>
Date: 2017-03-31 08:21:45
Also in: lkml

On Thu, Mar 30, 2017 at 9:49 PM, Dmitry Monakhov [off-list ref] wrote:

quoted hunk ↗ jump to hunk

If some one try to attempt advance bvec beyond it's size we simply
dump WARN_ONCE and continue to iterate beyond bvec array boundaries.
This simply means that we endup dereferencing/corrupting random memory
region.

Code was added long time ago here 4550dd6c, luckily no one hit it
in real life :)

Signed-off-by: Dmitry Monakhov <redacted>
---
 include/linux/bvec.h | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/include/linux/bvec.h b/include/linux/bvec.h
index 89b65b8..86b914f 100644
--- a/include/linux/bvec.h
+++ b/include/linux/bvec.h

@@ -70,8 +70,7 @@ static inline void bvec_iter_advance(const struct bio_vec *bv,
                                     struct bvec_iter *iter,
                                     unsigned bytes)
 {
-       WARN_ONCE(bytes > iter->bi_size,
-                 "Attempted to advance past end of bvec iter\n");
+       BUG_ON(bytes > iter->bi_size);

This may not a good idea, especially Linus did not like BUG_ON(), please see the
following link:

https://lkml.org/lkml/2016/10/4/1



Thanks,
Ming Lei

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help