From: Kent Overstreet <koverstreet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
To: Vivek Goyal <vgoyal-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: linux-bcache-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
dm-devel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
axboe-tSWWG44O7X1aa/9Udqfwiw@public.gmane.org,
"Martin K. Petersen"
<martin.petersen-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>,
tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org
Subject: Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split()
Date: Mon, 1 Oct 2012 14:42:41 -0700 [thread overview]
Message-ID: <20121001214241.GE26488@google.com> (raw)
In-Reply-To: <20121001212336.GA17165-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
On Mon, Oct 01, 2012 at 05:23:36PM -0400, Vivek Goyal wrote:
> On Mon, Sep 24, 2012 at 03:34:41PM -0700, Kent Overstreet wrote:
> > bio_integrity_split() seemed to be confusing pointers and arrays -
> > bip_vec in bio_integrity_payload is an array appended to the end of the
> > payload, so the bio_vecs in struct bio_pair need to come immediately
> > after the bio_integrity_payload they're for, and there was an assignment
> > in bio_integrity_split() that didn't make any sense.
> >
> > Signed-off-by: Kent Overstreet <koverstreet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
> > CC: Jens Axboe <axboe-tSWWG44O7X1aa/9Udqfwiw@public.gmane.org>
> > CC: Martin K. Petersen <martin.petersen-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>
> > ---
> > fs/bio-integrity.c | 3 ---
> > include/linux/bio.h | 6 ++++--
> > 2 files changed, 4 insertions(+), 5 deletions(-)
> >
> > diff --git a/fs/bio-integrity.c b/fs/bio-integrity.c
> > index a3f28f3..c7b6b52 100644
> > --- a/fs/bio-integrity.c
> > +++ b/fs/bio-integrity.c
> > @@ -697,9 +697,6 @@ void bio_integrity_split(struct bio *bio, struct bio_pair *bp, int sectors)
> > bp->iv1 = bip->bip_vec[0];
> > bp->iv2 = bip->bip_vec[0];
> >
> > - bp->bip1.bip_vec[0] = bp->iv1;
> > - bp->bip2.bip_vec[0] = bp->iv2;
> > -
> > bp->iv1.bv_len = sectors * bi->tuple_size;
> > bp->iv2.bv_offset += sectors * bi->tuple_size;
> > bp->iv2.bv_len -= sectors * bi->tuple_size;
> > diff --git a/include/linux/bio.h b/include/linux/bio.h
> > index b31036f..8e2d108 100644
> > --- a/include/linux/bio.h
> > +++ b/include/linux/bio.h
> > @@ -200,8 +200,10 @@ struct bio_pair {
> > struct bio bio1, bio2;
> > struct bio_vec bv1, bv2;
> > #if defined(CONFIG_BLK_DEV_INTEGRITY)
> > - struct bio_integrity_payload bip1, bip2;
> > - struct bio_vec iv1, iv2;
> > + struct bio_integrity_payload bip1;
> > + struct bio_vec iv1;
> > + struct bio_integrity_payload bip2;
> > + struct bio_vec iv2;
> > #endif
>
> I think it probably is a good idea to put a comment here so that we
> know that certain elements of structure assume ordering.
>
> Also I am wondering that what's the gurantee that there are no padding
> bytes between bipi1 and iv1 (or bip2 or iv2). I think if there are padding
> bytes then the assumption that bio_vec is always following bip will be
> broken?
Here's the new patch:
commit e270c9ca843b5c86d59431b0d7a676b7846946d6
Author: Kent Overstreet <koverstreet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
Date: Mon Oct 1 14:41:08 2012 -0700
block: Fix a buffer overrun in bio_integrity_split()
bio_integrity_split() seemed to be confusing pointers and arrays -
bip_vec in bio_integrity_payload is an array appended to the end of the
payload, so the bio_vecs in struct bio_pair need to come immediately
after the bio_integrity_payload they're for, and there was an assignment
in bio_integrity_split() that didn't make any sense.
Also, changed bio_integrity_split() to not refer to the bvecs embedded
in struct bio_pair, in case there's padding between them and
bip->bip_vec.
Signed-off-by: Kent Overstreet <koverstreet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
CC: Jens Axboe <axboe-tSWWG44O7X1aa/9Udqfwiw@public.gmane.org>
CC: Martin K. Petersen <martin.petersen-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>
diff --git a/fs/bio-integrity.c b/fs/bio-integrity.c
index a3f28f3..4ae22a8 100644
--- a/fs/bio-integrity.c
+++ b/fs/bio-integrity.c
@@ -694,15 +694,12 @@ void bio_integrity_split(struct bio *bio, struct bio_pair *bp, int sectors)
bp->bio1.bi_integrity = &bp->bip1;
bp->bio2.bi_integrity = &bp->bip2;
- bp->iv1 = bip->bip_vec[0];
- bp->iv2 = bip->bip_vec[0];
+ *bp->bip1.bip_vec = bip->bip_vec[0];
+ *bp->bip2.bip_vec = bip->bip_vec[0];
- bp->bip1.bip_vec[0] = bp->iv1;
- bp->bip2.bip_vec[0] = bp->iv2;
-
- bp->iv1.bv_len = sectors * bi->tuple_size;
- bp->iv2.bv_offset += sectors * bi->tuple_size;
- bp->iv2.bv_len -= sectors * bi->tuple_size;
+ bp->bip1.bip_vec->bv_len = sectors * bi->tuple_size;
+ bp->bip2.bip_vec->bv_offset += sectors * bi->tuple_size;
+ bp->bip2.bip_vec->bv_len -= sectors * bi->tuple_size;
bp->bip1.bip_sector = bio->bi_integrity->bip_sector;
bp->bip2.bip_sector = bio->bi_integrity->bip_sector + nr_sectors;
diff --git a/include/linux/bio.h b/include/linux/bio.h
index b31036f..8e2d108 100644
--- a/include/linux/bio.h
+++ b/include/linux/bio.h
@@ -200,8 +200,10 @@ struct bio_pair {
struct bio bio1, bio2;
struct bio_vec bv1, bv2;
#if defined(CONFIG_BLK_DEV_INTEGRITY)
- struct bio_integrity_payload bip1, bip2;
- struct bio_vec iv1, iv2;
+ struct bio_integrity_payload bip1;
+ struct bio_vec iv1;
+ struct bio_integrity_payload bip2;
+ struct bio_vec iv2;
#endif
atomic_t cnt;
int error;
next prev parent reply other threads:[~2012-10-01 21:42 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-09-24 22:34 [PATCH v3 00/26] Prep work for immutable bio vecs Kent Overstreet
2012-09-24 22:34 ` [PATCH v3 01/26] block: Fix a buffer overrun in bio_integrity_split() Kent Overstreet
[not found] ` <1348526106-17074-2-git-send-email-koverstreet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2012-10-01 21:23 ` [dm-devel] " Vivek Goyal
[not found] ` <20121001212336.GA17165-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2012-10-01 21:36 ` Kent Overstreet
2012-10-01 21:42 ` Kent Overstreet [this message]
[not found] ` <20121001214241.GE26488-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2012-10-02 14:08 ` Vivek Goyal
[not found] ` <20121002140847.GD758-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2012-10-02 20:26 ` Kent Overstreet
[not found] ` <20121002202643.GQ26488-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2012-10-02 20:32 ` Vivek Goyal
2012-10-02 21:01 ` Kent Overstreet
[not found] ` <20121002210143.GT26488-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2012-10-02 21:58 ` [dm-devel] " Vivek Goyal
[not found] ` <20121002215845.GB14471-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2012-10-02 22:07 ` Kent Overstreet
2012-10-02 22:30 ` Martin K. Petersen
2012-09-24 22:34 ` [PATCH v3 02/26] block: Convert integrity to bvec_alloc_bs() Kent Overstreet
2012-10-02 15:12 ` [dm-devel] " Vivek Goyal
2012-10-02 20:52 ` Kent Overstreet
[not found] ` <20121002205249.GR26488-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2012-10-02 22:05 ` [dm-devel] " Vivek Goyal
2012-10-02 22:17 ` Kent Overstreet
[not found] ` <1348526106-17074-3-git-send-email-koverstreet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2012-10-02 15:37 ` Vivek Goyal
2012-10-02 21:00 ` Kent Overstreet
[not found] ` <20121002210006.GS26488-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2012-10-02 22:02 ` Vivek Goyal
2012-09-24 22:34 ` [PATCH v3 03/26] block: Add bio_advance() Kent Overstreet
2012-09-24 22:34 ` [PATCH v3 04/26] block: Refactor blk_update_request() Kent Overstreet
2012-10-02 18:43 ` [dm-devel] " Vivek Goyal
[not found] ` <20121002184359.GC3283-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2012-10-02 20:10 ` Kent Overstreet
2012-10-02 20:14 ` Vivek Goyal
[not found] ` <20121002201451.GH758-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2012-10-02 20:25 ` Kent Overstreet
2012-10-02 18:59 ` Vivek Goyal
[not found] ` <20121002185955.GD3283-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2012-10-02 20:09 ` [dm-devel] " Kent Overstreet
[not found] ` <1348526106-17074-1-git-send-email-koverstreet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2012-09-24 22:34 ` [PATCH v3 05/26] md: Convert md_trim_bio() to use bio_advance() Kent Overstreet
[not found] ` <1348526106-17074-6-git-send-email-koverstreet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2012-09-26 0:38 ` NeilBrown
[not found] ` <20120926103827.4d880cf4-wvvUuzkyo1EYVZTmpyfIwg@public.gmane.org>
2012-09-27 4:41 ` Kent Overstreet
2012-09-24 22:35 ` [PATCH v3 23/26] block: Add bio_alloc_pages() Kent Overstreet
2012-09-24 22:34 ` [PATCH v3 06/26] block: Add bio_end_sector() Kent Overstreet
[not found] ` <1348526106-17074-7-git-send-email-koverstreet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2012-09-25 11:54 ` Lars Ellenberg
[not found] ` <20120925115452.GF8143-w1SgEEioFePxa46PmUWvFg@public.gmane.org>
2012-09-25 22:06 ` [Drbd-dev] " Kent Overstreet
[not found] ` <20120925220624.GC22647-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2012-09-26 15:16 ` Lars Ellenberg
2012-10-02 18:10 ` [dm-devel] " Vivek Goyal
[not found] ` <20121002181001.GB3283-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2012-10-02 20:20 ` Kent Overstreet
2012-09-24 22:34 ` [PATCH v3 07/26] block: Use bio_sectors() more consistently Kent Overstreet
[not found] ` <1348526106-17074-8-git-send-email-koverstreet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2012-09-24 23:04 ` Jim Paris
[not found] ` <20120924230449.GA2040-SRSuHwkuBJlaX0KmTac7FA@public.gmane.org>
2012-09-24 23:09 ` Kent Overstreet
2012-09-25 0:54 ` Ed Cashin
2012-09-24 22:34 ` [PATCH v3 08/26] block: Change bio_split() to respect the current value of bi_idx Kent Overstreet
2012-09-24 22:34 ` [PATCH v3 09/26] block: Remove bi_idx references Kent Overstreet
[not found] ` <1348526106-17074-10-git-send-email-koverstreet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2012-10-02 19:24 ` [dm-devel] " Vivek Goyal
2012-10-02 20:16 ` Kent Overstreet
2012-09-24 22:34 ` [PATCH v3 10/26] block: Remove some unnecessary bi_vcnt usage Kent Overstreet
2012-09-24 22:34 ` [PATCH v3 11/26] block: Add submit_bio_wait(), remove from md Kent Overstreet
[not found] ` <1348526106-17074-12-git-send-email-koverstreet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2012-09-25 5:51 ` [dm-devel] " Hannes Reinecke
2012-09-25 22:15 ` Kent Overstreet
2012-10-02 19:41 ` Vivek Goyal
[not found] ` <20121002194132.GF3283-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2012-10-02 20:11 ` Kent Overstreet
[not found] ` <20121002201105.GL26488-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2012-10-02 20:16 ` Vivek Goyal
[not found] ` <20121002201630.GI758-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2012-10-02 20:22 ` Kent Overstreet
2012-10-04 6:07 ` Hannes Reinecke
2012-09-24 22:34 ` [PATCH v3 12/26] raid10: Use bio_reset() Kent Overstreet
2012-09-24 22:34 ` [PATCH v3 13/26] raid1: use bio_reset() Kent Overstreet
2012-09-24 22:34 ` [PATCH v3 14/26] raid5: " Kent Overstreet
2012-09-24 22:34 ` [PATCH v3 15/26] raid1: Refactor narrow_write_error() to not use bi_idx Kent Overstreet
2012-09-24 22:34 ` [PATCH v3 16/26] block: Add bio_copy_data() Kent Overstreet
2012-09-24 22:34 ` [PATCH v3 17/26] pktcdvd: use bio_copy_data() Kent Overstreet
2012-09-24 22:34 ` [PATCH v3 18/26] pktcdvd: Use bio_reset() in disabled code to kill bi_idx usage Kent Overstreet
2012-09-24 22:34 ` [PATCH v3 19/26] raid1: use bio_copy_data() Kent Overstreet
2012-09-24 22:35 ` [PATCH v3 20/26] bounce: Refactor __blk_queue_bounce to not use bi_io_vec Kent Overstreet
2012-09-24 22:35 ` [PATCH v3 21/26] block: Add bio_for_each_segment_all() Kent Overstreet
2012-09-24 22:35 ` [PATCH v3 22/26] block: Convert some code to bio_for_each_segment_all() Kent Overstreet
2012-09-24 22:35 ` [PATCH v3 24/26] block: Add an explicit bio flag for bios that own their bvec Kent Overstreet
2012-09-24 22:35 ` [PATCH v3 25/26] bio-integrity: Add explicit field for owner of bip_buf Kent Overstreet
2012-09-24 22:35 ` [PATCH v3 26/26] block: Add BIO_SUBMITTED flag, kill BIO_CLONED Kent Overstreet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121001214241.GE26488@google.com \
--to=koverstreet-hpiqsd4aklfqt0dzr+alfa@public.gmane.org \
--cc=axboe-tSWWG44O7X1aa/9Udqfwiw@public.gmane.org \
--cc=dm-devel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=linux-bcache-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=martin.petersen-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org \
--cc=tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=vgoyal-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).