[Devel] [PATCH RH7] vfs: add warning in guard_bio_eod() if truncated_bytes > bvec->bv_len
Roman Kagan
rkagan at virtuozzo.com
Sun Dec 4 22:37:20 PST 2016
On Sat, Dec 03, 2016 at 11:22:26AM +0300, Dmitry Monakhov wrote:
>
> Pavel Tikhomirov <ptikhomirov at virtuozzo.com> writes:
>
> > https://jira.sw.ru/browse/PSBM-55105
> >
> > In bug we crashed in zero_fill_bio when trying to zero memset bio_vec:
> >
> > struct bio_vec {
> > bv_page = 0xffffea0004437500,
> > bv_len = 4294948864,
> > bv_offset = 0
> > }
> >
> > which is bigger than its bio->bi_size = 104448, guard_bio_eod might
> > lead to this bv_len overflow and is suspicious as quite recently
> > in vz7.19.4 we've ported commit 2573b2539875("vfs: make guard_bh_eod()
> > more generic") which adds bv_len reduction, and before that there
> > was no crash.
> >
> > Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
> > ---
> > fs/buffer.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/fs/buffer.c b/fs/buffer.c
> > index c45200d..b820080 100644
> > --- a/fs/buffer.c
> > +++ b/fs/buffer.c
> > @@ -3009,6 +3009,7 @@ void guard_bio_eod(int rw, struct bio *bio)
> >
> > /* Truncate the bio.. */
> > bio->bi_size -= truncated_bytes;
> > + WARN_ON(truncated_bytes > bvec->bv_len);
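Review bot: the new WARN_ON in guard_bio_eod() sits after `bio->bi_size -= truncated_bytes;`, so it fires only once the bio has already been modified, and it reports the bad state without preventing it. The bv_len = 4294948864 in the commit message is 18432 below 2^32, which is what an unsigned subtraction of more bytes than bv_len holds would produce, so the condition being tested is exactly the one that corrupts the bio_vec. If the goal is more than diagnostics, test before touching the bio and bail out, for example `if (WARN_ON_ONCE(truncated_bytes > bvec->bv_len)) return;` placed ahead of the bi_size update. The _ONCE form also keeps a repeatedly hit path from flooding the log. If the check is meant as a temporary debugging aid only, the commit message should say so.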
> BUG_ON would be more appropriate here.
Haven't you seen how Linus "criticized" Andrew for doing exactly that?
Roman.