From mboxrd@z Thu Jan 1 00:00:00 1970 From: piaojun Subject: Re: [V9fs-developer] [PATCH] net/9p: Modify the problem of BUG_ON judgment Date: Fri, 3 Aug 2018 14:18:57 +0800 Message-ID: <5B63F3D1.3020408@huawei.com> References: <5B63D5F6.6080109@huawei.com> Mime-Version: 1.0 Content-Type: text/plain; charset="windows-1252" Content-Transfer-Encoding: 7bit Cc: , Linux Kernel Mailing List , To: jiangyiwen , Eric Van Hensbergen , Ron Minnich , Latchesar Ionkov , Dominique Martinet Return-path: In-Reply-To: <5B63D5F6.6080109@huawei.com> Sender: linux-kernel-owner@vger.kernel.org List-Id: netdev.vger.kernel.org LGTM On 2018/8/3 12:11, jiangyiwen wrote: > Because the value of limit is VIRTQUEUE_NUM, if index is equal to > limit, it will cause sg array out of bounds, so correct the judgement > of BUG_ON. > > Signed-off-by: Yiwen Jiang Acked-by: Jun Piao > --- > net/9p/trans_virtio.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c > index 6265d1d..08264ba 100644 > --- a/net/9p/trans_virtio.c > +++ b/net/9p/trans_virtio.c > @@ -191,7 +191,7 @@ static int pack_sg_list(struct scatterlist *sg, int start, > s = rest_of_page(data); > if (s > count) > s = count; > - BUG_ON(index > limit); > + BUG_ON(index >= limit); > /* Make sure we don't terminate early. */ > sg_unmark_end(&sg[index]); > sg_set_buf(&sg[index++], data, s); > @@ -236,6 +236,7 @@ static int p9_virtio_cancel(struct p9_client *client, struct p9_req_t *req) > s = PAGE_SIZE - data_off; > if (s > count) > s = count; > + BUG_ON(index >= limit); > /* Make sure we don't terminate early. */ > sg_unmark_end(&sg[index]); > sg_set_page(&sg[index++], pdata[i++], s, data_off); >