[Devel] [PATCH RHEL7 COMMIT] cbt: blk_cbt_update_size() should not copy uninitialized data

Konstantin Khorenko khorenko at virtuozzo.com
Thu Jun 9 01:42:55 PDT 2016


The commit is pushed to "branch-rh7-3.10.0-327.18.2.vz7.14.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-327.18.2.vz7.14.13
------>
commit dd56c75a4d6149fb1247064ca581777220e9983f
Author: Maxim Patlasov <mpatlasov at virtuozzo.com>
Date:   Thu Jun 9 12:42:55 2016 +0400

    cbt: blk_cbt_update_size() should not copy uninitialized data
    
    to_cpy is the number of page pointers to copy from current cbt to new.
    The following check:
    
    > 	if ((new_sz + bsz) >> cbt->block_bits <= cbt->block_max)
    > 		goto err_mtx;
    
    ensures that the copy will be done only for new cbt bigger than current. So,
    we have to calculate to_cpy based on the current (smaller) cbt. The rest of
    new cbt is OK because it was nullified by do_cbt_alloc().
    
    The bug existed since the very first version of CBT (commit ad7ba3dfe).
    
    https://jira.sw.ru/browse/PSBM-48120
    
    Signed-off-by: Maxim Patlasov <mpatlasov at virtuozzo.com>
    Acked-by: Dmitry Monakhov <dmonakhov at virtuozzo.com>
---
 block/blk-cbt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/block/blk-cbt.c b/block/blk-cbt.c
index 001dbfd..3a2b197 100644
--- a/block/blk-cbt.c
+++ b/block/blk-cbt.c
@@ -448,7 +448,7 @@ void blk_cbt_update_size(struct block_device *bdev)
 		set_bit(CBT_ERROR, &cbt->flags);
 		goto err_mtx;
 	}
-	to_cpy = NR_PAGES(new->block_max);
+	to_cpy = NR_PAGES(cbt->block_max);
 	set_bit(CBT_NOCACHE, &cbt->flags);
 	cbt_flush_cache(cbt);
 	spin_lock_irq(&cbt->lock);
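Review bot: the new `to_cpy = NR_PAGES(cbt->block_max)` is only safe because the check a few lines above (quoted in the commit message, `if ((new_sz + bsz) >> cbt->block_bits <= cbt->block_max) goto err_mtx;`) guarantees the new cbt is strictly larger than the current one, so NR_PAGES(cbt->block_max) can never exceed the destination's page count. That invariant is not visible at the assignment itself; a one-line comment there (e.g. `/* new is larger than cbt, checked above; copy only what cbt has */`) or a `WARN_ON(to_cpy > NR_PAGES(new->block_max))` would keep a future reordering of the size check from silently reintroducing an over-read.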

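Added example, not code from vzkernel or the patch author: a small userspace model of the grow path in blk_cbt_update_size() that computes to_cpy both the pre-fix way (from the new cbt) and the fixed way (from the current cbt), and checks the count against the source array instead of performing the over-read. `struct cbt_demo`, `cbt_alloc()`, `cbt_update_size()`, `BITS_PER_PAGE` and this `NR_PAGES()` definition are assumptions made for the illustration and do not match the kernel's types or layout.

```c
/* Added example (not vzkernel code). Models to_cpy in blk_cbt_update_size().
 * NR_PAGES, BITS_PER_PAGE and struct cbt_demo are assumptions for this demo. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEMO_PAGE_SIZE 4096
#define BITS_PER_PAGE  (DEMO_PAGE_SIZE * 8)           /* one bit per block */
#define NR_PAGES(blocks) (((blocks) + BITS_PER_PAGE - 1) / BITS_PER_PAGE)

struct cbt_demo {
    unsigned long block_max;      /* number of tracked blocks */
    unsigned char **map;          /* NR_PAGES(block_max) page pointers */
};

/* Like do_cbt_alloc(): the pointer array starts out zeroed. */
static struct cbt_demo *cbt_alloc(unsigned long block_max)
{
    struct cbt_demo *c = calloc(1, sizeof(*c));
    if (!c)
        return NULL;
    c->block_max = block_max;
    c->map = calloc(NR_PAGES(block_max), sizeof(*c->map));
    if (!c->map) {
        free(c);
        return NULL;
    }
    return c;
}

static void cbt_free(struct cbt_demo *c)
{
    if (!c)
        return;
    for (unsigned long i = 0; i < NR_PAGES(c->block_max); i++)
        free(c->map[i]);
    free(c->map);
    free(c);
}

/* Pre-fix: count derived from the new (larger) cbt.
 * Fixed:   count derived from the current (smaller) cbt. */
static unsigned long to_cpy_pages(const struct cbt_demo *cur,
                                  const struct cbt_demo *nw, int fixed)
{
    return fixed ? NR_PAGES(cur->block_max) : NR_PAGES(nw->block_max);
}

/* Grow *pcur to new_block_max. Returns 0 on success, -1 if the new size is not
 * larger (mirrors the "goto err_mtx" check), -2 if the copy would read past the
 * current pointer array, -3 on allocation failure. */
static int cbt_update_size(struct cbt_demo **pcur, unsigned long new_block_max,
                           int fixed, unsigned long *copied)
{
    struct cbt_demo *cur = *pcur;
    if (new_block_max <= cur->block_max)
        return -1;
    struct cbt_demo *nw = cbt_alloc(new_block_max);
    if (!nw)
        return -3;
    unsigned long to_cpy = to_cpy_pages(cur, nw, fixed);
    /* cur->map only has NR_PAGES(cur->block_max) entries; detect the overrun
     * rather than reading uninitialised / out-of-bounds memory. */
    if (to_cpy > NR_PAGES(cur->block_max)) {
        cbt_free(nw);
        return -2;
    }
    memcpy(nw->map, cur->map, to_cpy * sizeof(*nw->map));
    /* The remaining entries of nw->map are already NULL from calloc(). */
    free(cur->map);               /* pages now owned by nw */
    free(cur);
    *pcur = nw;
    if (copied)
        *copied = to_cpy;
    return 0;
}

int main(void)
{
    struct cbt_demo *c = cbt_alloc(2UL * BITS_PER_PAGE);   /* 2 pages of bits */
    unsigned long n = 0;
    printf("buggy grow 2->8 pages: rc=%d\n",
           cbt_update_size(&c, 8UL * BITS_PER_PAGE, 0, &n)); /* rc=-2 */
    printf("fixed grow 2->8 pages: rc=%d copied=%lu\n",
           cbt_update_size(&c, 8UL * BITS_PER_PAGE, 1, &n), n); /* rc=0 copied=2 */
    cbt_free(c);
    return 0;
}
```

The `-2` path is what the pre-fix code would hit whenever the resize needs more bitmap pages than the current cbt has: it copies NR_PAGES(new->block_max) pointers out of an array that only holds NR_PAGES(cbt->block_max). When both sizes round to the same page count the two formulas agree, which is why the bug could go unnoticed for small resizes.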
