From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Message-ID: <51B1AB4F.1090206@gmail.com> Date: Fri, 07 Jun 2013 17:43:43 +0800 From: Jiang Liu MIME-Version: 1.0 To: Jerome Marchand CC: Minchan Kim , Greg Kroah-Hartman , Nitin Gupta , Jiang Liu , devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org Subject: Re: [PATCH v3 05/10] zram: avoid access beyond the zram device References: <1370534851-26056-1-git-send-email-jiang.liu@huawei.com> <1370534851-26056-6-git-send-email-jiang.liu@huawei.com> <20130607080945.GD22516@blaptop> <51B1AA8A.4010005@redhat.com> In-Reply-To: <51B1AA8A.4010005@redhat.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: On 06/07/2013 05:40 PM, Jerome Marchand wrote: > On 06/07/2013 10:09 AM, Minchan Kim wrote: >> On Fri, Jun 07, 2013 at 12:07:26AM +0800, Jiang Liu wrote: >>> Function valid_io_request() should verify the entire request are within ... >>> >>> + start = bio->bi_sector; >>> + end = start + (bio->bi_size >> SECTOR_SHIFT); >>> + bound = zram->disksize >> SECTOR_SHIFT; >>> + /* out of range range */ >>> + if (unlikely(start >= bound || end >= bound || start > end)) >> >> if (end >= bound || start > end) isn't enough? > > I shall think so. > > Jerome Me too! But I realized this just after sending out the patchset last night. > >> >>> return 0; >>> - } >>> >>> /* I/O request is valid */ >>> return 1; >>> -- >>> 1.8.1.2 >>> >>> -- >>> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in >>> the body of a message to majordomo@vger.kernel.org >>> More majordomo info at http://vger.kernel.org/majordomo-info.html >>> Please read the FAQ at http://www.tux.org/lkml/ >> >