From mboxrd@z Thu Jan 1 00:00:00 1970
From: Dominique Martinet
Subject: Re: [V9fs-developer] [PATCH] net/9p: Modify the problem of BUG_ON judgment
Date: Fri, 3 Aug 2018 06:23:08 +0200
Message-ID: <20180803042308.GA4618@nautica>
References: <5B63D5F6.6080109@huawei.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Cc: Eric Van Hensbergen, Ron Minnich, Latchesar Ionkov, Linux Kernel Mailing List, v9fs-developer@lists.sourceforge.net, netdev@vger.kernel.org
To: jiangyiwen
Return-path:
Content-Disposition: inline
In-Reply-To: <5B63D5F6.6080109@huawei.com>
Sender: linux-kernel-owner@vger.kernel.org
List-Id: netdev.vger.kernel.org

jiangyiwen wrote on Fri, Aug 03, 2018:
> Because the value of limit is VIRTQUEUE_NUM, if index is equal to
> limit, it will cause sg array out of bounds, so correct the judgement
> of BUG_ON.
>
> Signed-off-by: Yiwen Jiang

I'm not sure you've acted on his mail or if you found this independently,
but this was reported by Dan Carpenter on the list in June.
Would you mind if I add a tag for him?
Reported-by: Dan Carpenter

That aside this looks good, I'll take it.

> --- > net/9p/trans_virtio.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c > index 6265d1d..08264ba 100644 > --- a/net/9p/trans_virtio.c > +++ b/net/9p/trans_virtio.c > @@ -191,7 +191,7 @@ static int pack_sg_list(struct scatterlist *sg, int start, > s = rest_of_page(data); > if (s > count) > s = count; > - BUG_ON(index > limit); > + BUG_ON(index >= limit); > /* Make sure we don't terminate early. */ > sg_unmark_end(&sg[index]); > sg_set_buf(&sg[index++], data, s); > @@ -236,6 +236,7 @@ static int p9_virtio_cancel(struct p9_client *client, struct p9_req_t *req) > s = PAGE_SIZE - data_off; > if (s > count) > s = count; > + BUG_ON(index >= limit); > /* Make sure we don't terminate early. */ > sg_unmark_end(&sg[index]); > sg_set_page(&sg[index++], pdata[i++], s, data_off);

--
Dominique Martinet
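
Review bot: In the @@ -191 hunk, BUG_ON(index >= limit) still takes the whole kernel down when the bound is hit, and the changelog does not say whether index can actually reach limit for a request the transport accepts. The comparison itself matches the stated reasoning: sg[index] is written by sg_unmark_end() and sg_set_buf() right after the check, so index == limit is already one past the last entry. If the condition is reachable, consider failing the request with an error return instead of BUG_ON; if it is a pure invariant, a one-line comment beside the check saying that valid indices are 0..limit-1 would stop the off-by-one from coming back.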
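
Review bot: The @@ -236 hunk adds a BUG_ON(index >= limit) where there was no check at all, but the changelog only describes correcting the existing judgement, so this second change is undocumented. Please mention in the commit message that a bounds check is also added before sg_unmark_end(&sg[index]) in the page-based loop that calls sg_set_page(), and name the function it lands in, since the hunk header shows p9_virtio_cancel while the context lines are clearly a scatterlist packing loop. The same question as for the first hunk applies here: if index can reach limit on this path, an error return would be preferable to BUG_ON.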