[Devel] [PATCH RH7] vfs: add warning in guard_bio_eod() if truncated_bytes > bvec->bv_len
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Fri Dec  2 07:49:30 PST 2016

https://jira.sw.ru/browse/PSBM-55105
In the bug we crashed in zero_fill_bio when trying to zero memset bio_vec:
struct bio_vec {
  bv_page = 0xffffea0004437500,
  bv_len = 4294948864,
  bv_offset = 0
}
which is bigger than its bio->bi_size = 104448. guard_bio_eod might
lead to this bv_len overflow and is suspicious, as quite recently
in vz7.19.4 we've ported commit 2573b2539875 ("vfs: make guard_bh_eod()
more generic") which adds bv_len reduction, and before that there
was no crash.
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
---
 fs/buffer.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/fs/buffer.c b/fs/buffer.c
index c45200d..b820080 100644
--- a/fs/buffer.c
+++ b/fs/buffer.c
@@ -3009,6 +3009,7 @@ void guard_bio_eod(int rw, struct bio *bio)
 
 	/* Truncate the bio.. */
 	bio->bi_size -= truncated_bytes;
+	WARN_ON(truncated_bytes > bvec->bv_len);
 	bvec->bv_len -= truncated_bytes;
 
 	/* ..and clear the end of the buffer for reads */
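Review bot: the added WARN_ON only reports the condition; the following line, bvec->bv_len -= truncated_bytes, still executes and wraps bv_len when truncated_bytes is larger, and bio->bi_size has already been reduced on the line above the check. The bv_len = 4294948864 from the crash dump is 2^32 - 18432, which fits exactly this kind of wrap. Consider placing the check ahead of both subtractions and refusing to truncate when it fires, for example if (WARN_ON_ONCE(truncated_bytes > bvec->bv_len)) return; so that the diagnostic does not leave a corrupted bio_vec for zero_fill_bio to act on. WARN_ON_ONCE would also keep the log from flooding if this path is hit repeatedly. A one-line comment naming the state being caught (PSBM-55105) would help whoever later decides whether the warning can be dropped.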
-- 
2.9.3