From: Tejun Heo <tj@kernel.org>
To: Jeffrey Carlyle <jeff.carlyle@motorola.com>
Cc: OLUSANYA SOYANNWO <olusanya.soyannwo@motorola.com>,
linux-kernel@vger.kernel.org, Hu Tao <taohu@motorola.com>,
jaxboe@fusionio.com, torvalds@osdl.org
Subject: Re: [PATCH v2] scatterlist: prevent invalid free when alloc fails
Date: Mon, 30 Aug 2010 18:00:21 +0200
Message-ID: <4C7BD595.6080102@kernel.org>
In-Reply-To: <20100830154825.E4E2560255F@il93ubuntu.localdomain>

Hello,

On 08/30/2010 05:01 PM, Jeffrey Carlyle wrote:
> When alloc fails, free_table is being called. Depending on the number of
> bytes requested, we determine if we are going to call _get_free_page()
> or kmalloc(). When alloc fails, our math is wrong (due to sg_size - 1),
> and the last buffer is wrongfully assumed to have been allocated by
> kmalloc. Hence, kfree gets called and a panic occurs.
>
> Signed-off-by: Jeffrey Carlyle <jeff.carlyle@motorola.com>
> Signed-off-by: Olusanya Soyannwo <c23746@motorola.com>
> Cc: Tejun Heo <tj@kernel.org>
> Cc: Jens Axboe <jaxboe@fusionio.com>

Supposing it's verified to fix the same issue,

Acked-by: Tejun Heo <tj@kernel.org>

trivial suggestions below,

> ---
> lib/scatterlist.c | 8 +++++++-
> 1 files changed, 7 insertions(+), 1 deletions(-)
>
> diff --git a/lib/scatterlist.c b/lib/scatterlist.c
> index a5ec428..9bc637f 100644
> --- a/lib/scatterlist.c
> +++ b/lib/scatterlist.c
> @@ -248,8 +248,14 @@ int __sg_alloc_table(struct sg_table *table, unsigned int nents,
> left -= sg_size;
>
> sg = alloc_fn(alloc_size, gfp_mask);
> - if (unlikely(!sg))
> + if (unlikely(!sg)) {
> + /*
> + * Adjust entry count so that proper free function is
> + * used in sg_kfree.
> + */
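
Review bot: The comment added inside the if (unlikely(!sg)) block should say why the entry count is wrong on this path, not only that it is adjusted "so that proper free function is used". The commit message already has the reason (the sg_size - 1 accounting makes the last buffer look as if kmalloc had allocated it, so kfree is called on it); carrying that into the comment, and naming both free paths, lets a reader check the adjustment without the changelog. The quoted hunk ends before the adjusting statement, so only the comment is covered here.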

I think it would be better to explain why the adjustment is necessary. IOW,
something like "Adjust entry count to reflect that the last entry of
the previous table won't be used for linkage. Without this,
sg_kfree() may get confused."

Thanks.

--
tejun
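
The failure mode described in the commit message and in the suggested comment, as an added user-space model (not part of the original mail and not the kernel's code). MAX_ENTS, MAX_CHUNKS, pick(), split() and wrong_frees() are hypothetical names, and the rule "a chunk of exactly MAX_ENTS entries comes from the page allocator, anything else from kmalloc" is the assumption the model is built on.

```c
#include <stdio.h>

#define MAX_ENTS 4    /* constructed stand-in for SG_MAX_SINGLE_ALLOC */
#define MAX_CHUNKS 8  /* limit of this model only */
enum origin { FROM_KMALLOC, FROM_PAGE };

/* Allocation and free both choose the allocator from the entry count alone. */
static enum origin pick(unsigned int n) { return n == MAX_ENTS ? FROM_PAGE : FROM_KMALLOC; }

/* A full chunk gives up its last slot for the link to the next chunk. */
static unsigned int split(unsigned int *alloc_size)
{
    if (*alloc_size <= MAX_ENTS) return *alloc_size;
    *alloc_size = MAX_ENTS;
    return MAX_ENTS - 1;
}

/* Allocate nents entries with chunk number fail_at failing, replay the free
 * walk, and return how many chunks reach the wrong free function.
 * adjust != 0 applies the entry-count adjustment on the failure path. */
static unsigned int wrong_frees(unsigned int nents, unsigned int fail_at, int adjust)
{
    enum origin chunk[MAX_CHUNKS] = { FROM_KMALLOC };
    unsigned int left = nents, orig_nents = 0, nchunks = 0, i = 0, bad = 0;

    while (left && nchunks < MAX_CHUNKS) {
        unsigned int alloc_size = left, sg_size = split(&alloc_size);
        left -= sg_size;
        if (nchunks == fail_at) {                 /* allocation failure */
            if (adjust && nchunks) orig_nents++;  /* link slot stays unused */
            break;
        }
        chunk[nchunks++] = pick(alloc_size);
        orig_nents += sg_size;
    }
    while (orig_nents && i < nchunks) {           /* free path sees only orig_nents */
        unsigned int alloc_size = orig_nents;
        orig_nents -= split(&alloc_size);
        bad += (pick(alloc_size) != chunk[i++]);
    }
    return bad;
}

int main(void)
{
    printf("unadjusted: %u wrong frees\n", wrong_frees(10, 1, 0));
    printf("adjusted:   %u wrong frees\n", wrong_frees(10, 1, 1));
    return 0;
}
```

Without the adjustment the free walk sees MAX_ENTS - 1 entries for a chunk that was allocated as a full page, so it picks the kmalloc-side free; with it the count is back to MAX_ENTS and the choice matches.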