From: Jiang Liu <liuj97@gmail.com>
To: Jerome Marchand <jmarchan@redhat.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Nitin Gupta <ngupta@vflare.org>, Minchan Kim <minchan@kernel.org>,
Yijing Wang <wangyijing@huawei.com>,
Jiang Liu <jiang.liu@huawei.com>,
devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org
Subject: Re: [RFC PATCH v1 6/8] zram: avoid access beyond the zram device
Date: Tue, 04 Jun 2013 23:09:49 +0800 [thread overview]
Message-ID: <51AE033D.8090302@gmail.com> (raw)
In-Reply-To: <51ADE87F.9080303@redhat.com>
On Tue 04 Jun 2013 09:15:43 PM CST, Jerome Marchand wrote:
> On 06/03/2013 05:42 PM, Jiang Liu wrote:
>> Function valid_io_request() should verify the entire request doesn't
>> exceed the zram device, otherwise it will cause invalid memory access.
>>
>> Signed-off-by: Jiang Liu <jiang.liu@huawei.com>
>> ---
>> drivers/staging/zram/zram_drv.c | 4 ++++
>> 1 file changed, 4 insertions(+)
>>
>> diff --git a/drivers/staging/zram/zram_drv.c b/drivers/staging/zram/zram_drv.c
>> index 66cf28a..64b51b9 100644
>> --- a/drivers/staging/zram/zram_drv.c
>> +++ b/drivers/staging/zram/zram_drv.c
>> @@ -428,6 +428,10 @@ static inline int valid_io_request(struct zram *zram, struct bio *bio)
>> return 0;
>> }
>>
>> + if (unlikely((bio->bi_sector << SECTOR_SHIFT) + bio->bi_size >=
>> + zram->disksize))
>> + return 0;
>> +
>
> This test make the first line of previous test redundant. Why not just
> update it like the following:
>
> - (bio->bi_sector >= (zram->disksize >> SECTOR_SHIFT)) ||
> + ((bio->bi_sector << SECTOR_SHIFT) + bio->bi_size >=
> + zram->disksize)) ||
>
>
> Jerome
Hi Jerome,
I think the test "bio->bi_sector >= (zram->disksize >>
SECTOR_SHIFT)" is still
needed to protect "(bio->bi_sector << SECTOR_SHIFT) + bio->bi_size"
from wrapping
around.
Regards!
Gerry
>
>> /* I/O request is valid */
>> return 1;
>> }
>>
>
next prev parent reply other threads:[~2013-06-04 15:10 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-03 15:42 [RFC PATCH v1 0/8] small bugfixes and code improvements for zram Jiang Liu
2013-06-03 15:42 ` [RFC PATCH v1 1/8] zram: simplify and optimize zram_to_dev() Jiang Liu
2013-06-04 13:09 ` Jerome Marchand
2013-06-04 14:31 ` Jiang Liu
2013-06-03 15:42 ` [RFC PATCH v1 2/8] zram: avoid invalid memory access in zram_exit() Jiang Liu
2013-06-04 9:03 ` Minchan Kim
2013-06-04 14:27 ` Jiang Liu
2013-06-03 15:42 ` [RFC PATCH v1 3/8] zram: use zram->lock to protect zram_free_page() in swap free notify path Jiang Liu
2013-06-03 15:42 ` [RFC PATCH v1 4/8] zram: destroy all devices on error recovery path in zram_init() Jiang Liu
2013-06-04 8:49 ` Dan Carpenter
2013-06-04 14:57 ` Jiang Liu
2013-06-03 15:42 ` [RFC PATCH v1 5/8] zram: avoid double free in error recovery path of zram_bvec_write() Jiang Liu
2013-06-04 13:27 ` Jerome Marchand
2013-06-03 15:42 ` [RFC PATCH v1 6/8] zram: avoid access beyond the zram device Jiang Liu
2013-06-04 13:15 ` Jerome Marchand
2013-06-04 15:09 ` Jiang Liu [this message]
2013-06-05 8:52 ` Jerome Marchand
2013-06-03 15:42 ` [RFC PATCH v1 7/8] zram: optimize memory operations with clear_page()/copy_page() Jiang Liu
2013-06-03 15:42 ` [RFC PATCH v1 8/8] zram: protect sysfs handler from invalid memory access Jiang Liu
2013-06-04 9:00 ` [RFC PATCH v1 0/8] small bugfixes and code improvements for zram Minchan Kim
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51AE033D.8090302@gmail.com \
--to=liuj97@gmail.com \
--cc=devel@driverdev.osuosl.org \
--cc=gregkh@linuxfoundation.org \
--cc=jiang.liu@huawei.com \
--cc=jmarchan@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=minchan@kernel.org \
--cc=ngupta@vflare.org \
--cc=wangyijing@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox