[Devel] [PATCH RHEL9 COMMIT] dm-ploop: Add check to process_update_delta_index()
Konstantin Khorenko
khorenko at virtuozzo.com
Tue Dec 7 17:08:43 MSK 2021
The commit is pushed to "branch-rh9-5.14.vz9.1.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh9-5.14.0-4.vz9.10.33
------>
commit 1d68f91ad0f9228758621e3727152ae5fb5ae9ea
Author: Kirill Tkhai <ktkhai at virtuozzo.com>
Date: Tue Nov 23 13:58:22 2021 +0300
dm-ploop: Add check to process_update_delta_index()
Check that userspace-passed BAT entry does not refer
beyond end of file.
https://jira.sw.ru/browse/PSBM-129477
To_merge: 93f9012782e5 ("dm-ploop: Add ploop target driver")
Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
---
drivers/md/dm-ploop-cmd.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/md/dm-ploop-cmd.c b/drivers/md/dm-ploop-cmd.c
index 9d0c1cae935f..92878d5477b1 100644
--- a/drivers/md/dm-ploop-cmd.c
+++ b/drivers/md/dm-ploop-cmd.c
@@ -759,13 +759,19 @@ static void notify_delta_merged(struct ploop *ploop, u8 level,
static int process_update_delta_index(struct ploop *ploop, u8 level,
const char *map)
{
+ struct ploop_delta *delta = &ploop->deltas[level];
u32 clu, dst_clu, n;
int ret;
write_lock_irq(&ploop->bat_rwlock);
/* Check all */
while (sscanf(map, "%u:%u;%n", &clu, &dst_clu, &n) == 2) {
- if (clu >= ploop->nr_bat_entries)
+ /*
+ * Check that userspace-passed BAT entry does not refer
+ * beyond end of file.
+ */
+ if (clu >= delta->nr_be ||
+ dst_clu >= POS_TO_CLU(ploop, delta->file_size))
break;
if (ploop_bat_entries(ploop, clu, NULL, NULL) == BAT_ENTRY_NONE)
break;
More information about the Devel
mailing list