Re: [RFC PATCH v1 6/8] zram: avoid access beyond the zram device
From: Jerome Marchand
Date: Tue Jun 04 2013 - 09:16:17 EST
On 06/03/2013 05:42 PM, Jiang Liu wrote:
> Function valid_io_request() should verify the entire request doesn't
> exceed the zram device, otherwise it will cause invalid memory access.
>
> Signed-off-by: Jiang Liu <jiang.liu@xxxxxxxxxx>
> ---
> drivers/staging/zram/zram_drv.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/drivers/staging/zram/zram_drv.c b/drivers/staging/zram/zram_drv.c
> index 66cf28a..64b51b9 100644
> --- a/drivers/staging/zram/zram_drv.c
> +++ b/drivers/staging/zram/zram_drv.c
> @@ -428,6 +428,10 @@ static inline int valid_io_request(struct zram *zram, struct bio *bio)
> return 0;
> }
>
> + if (unlikely((bio->bi_sector << SECTOR_SHIFT) + bio->bi_size >=
> + zram->disksize))
> + return 0;
> +
This test make the first line of previous test redundant. Why not just
update it like the following:
- (bio->bi_sector >= (zram->disksize >> SECTOR_SHIFT)) ||
+ ((bio->bi_sector << SECTOR_SHIFT) + bio->bi_size >=
+ zram->disksize)) ||
Jerome
> /* I/O request is valid */
> return 1;
> }
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/