From: Jens Axboe <jens.axboe@oracle.com>
To: Kazuhisa Ichikawa <ki@epsilou.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] block: fix the bio_vec array index out-of-bounds test
Date: Tue, 12 May 2009 13:27:29 +0200 [thread overview]
Message-ID: <20090512112729.GI4140@kernel.dk> (raw)
In-Reply-To: <4A03D4F2.1070904@epsilou.com>
On Fri, May 08 2009, Kazuhisa Ichikawa wrote:
> From: Kazuhisa Ichikawa <ki@epsilou.com>
>
> Current bio_vec array index out-of-bounds test within
> __end_that_request_first() does not seem correct.
> It checks bio->bi_idx against bio->bi_vcnt, but the subsequent code
> uses idx (which is, bio->bi_idx + next_idx) as the array index into
> bio_vec array. This means that the test really make sense only at
> the first iteration of !(nr_bytes >=bio->bi_size) case (when next_idx
> == zero). Fix this by replacing bio->bi_idx with idx.
> (This patch applies to 2.6.30-rc4.)
>
> Signed-off-by: Kazuhisa Ichikawa <ki@epsilou.com>
> ---
>
> --- linux-2.6.30-rc4/block/blk-core.c.ORIG 2009-05-08 00:00:10.000000000 +0900
> +++ linux-2.6.30-rc4/block/blk-core.c 2009-05-08 00:00:10.000000000 +0900
> @@ -1768,10 +1768,10 @@ static int __end_that_request_first(stru
> } else {
> int idx = bio->bi_idx + next_idx;
>
> - if (unlikely(bio->bi_idx >= bio->bi_vcnt)) {
> + if (unlikely(idx >= bio->bi_vcnt)) {
> blk_dump_rq_flags(req, "__end_that");
> printk(KERN_ERR "%s: bio idx %d >= vcnt %d\n",
> - __func__, bio->bi_idx, bio->bi_vcnt);
> + __func__, idx, bio->bi_vcnt);
> break;
> }
Thanks!
--
Jens Axboe
prev parent reply other threads:[~2009-05-12 11:27 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-05-08 6:45 [PATCH] block: fix the bio_vec array index out-of-bounds test Kazuhisa Ichikawa
2009-05-12 11:27 ` Jens Axboe [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090512112729.GI4140@kernel.dk \
--to=jens.axboe@oracle.com \
--cc=ki@epsilou.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.