Re: [PATCH] bugfix of access a invalid addr

From: Ross Zwisler
Date: Thu Feb 18 2016 - 17:36:35 EST


On Wed, Feb 17, 2016 at 3:02 AM, <chenjie6@xxxxxxxxxx> wrote:
> From: chenjie <chenjie6@xxxxxxxxxx>
>
> when we run fs_fsbase_t, some testcase like
> write05 failed
>
> write05 0 TINFO : Enter Block 1: test with bad fd
> write05 1 TPASS : received EBADF as expected.
> write05 0 TINFO : Exit Block 1
> write05 0 TINFO : Enter Block 2: test with a bad address
> write05 2 TFAIL : write() on an invalid buffer succeeded,
> but should have failed

I'm not sure what fs_fsbase_t is, but when testing by hand I do
correctly see an error when I give a bogus user address to dax_io().
Here's the check that fails:

	if (iov_iter_rw(iter) == WRITE) {
		len = copy_from_iter_pmem(dax.addr, max - pos, iter);
		need_wmb = true;
	} else if (!hole)
		len = copy_to_iter((void __force *) dax.addr,
				   max - pos,
				   iter);
	else
		len = iov_iter_zero(max - pos, iter);

	if (!len) {
		rc = -EFAULT;
		break;
	}

This last if(!len) check fails, and we return -EFAULT.

Can you share a small test program that reproduces incorrect behavior?

>
> Cc: <stable@xxxxxxxxxxxxxxx>
> Signed-off-by: chenjie <chenjie6@xxxxxxxxxx>
>
> ---
> fs/dax.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/fs/dax.c b/fs/dax.c
> index fc2e314..e1b1ff6 100644
> --- a/fs/dax.c
> +++ b/fs/dax.c
> @@ -214,6 +214,11 @@ static ssize_t dax_io(struct inode *inode, struct iov_iter *iter,
> max = min(pos + size, end);
> }
>
> + if (unlikely(iov_iter_fault_in_readable(iter, max - pos))) {
> + retval = -EFAULT;
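
Review bot: the added iov_iter_fault_in_readable() check at the top of this hunk runs on every pass through dax_io(), but the copy loop quoted earlier in this message branches on iov_iter_rw(iter) == WRITE, and prefaulting the user pages for reading only matches that WRITE case, where the user buffer is the source of the copy. Consider guarding the check with iov_iter_rw(iter) == WRITE so the read path (copy_to_iter / iov_iter_zero) is not subject to a readability test on its destination buffer. The assignment on the following line also stores the error in retval, while the loop shown above reports errors through rc.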

This doesn't compile...
s/retval/rc/
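
A small reproducer of the kind requested above, mirroring the two write05 blocks from the quoted log (bad fd, then bad address). This is an added example, not code from the thread or from the test suite; the function names and the default file path are assumptions, and the path should point at a file on the DAX mount under test.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Returns the errno left by write(fd, buf, len), or 0 if the write succeeded. */
static int write_errno(int fd, const void *buf, size_t len)
{
	errno = 0;
	return write(fd, buf, len) < 0 ? errno : 0;
}

/* Block 1: writing to a descriptor that is not open must give EBADF. */
int check_bad_fd(void)
{
	char byte = 'x';
	return write_errno(-1, &byte, 1);
}

/*
 * Block 2: writing from a buffer the process cannot read must give EFAULT.
 * The buffer is a PROT_NONE page, so the address is guaranteed inaccessible.
 */
int check_bad_addr(const char *path)
{
	long pagesz = sysconf(_SC_PAGESIZE);
	void *bad = mmap(NULL, pagesz, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
	int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
	int err;

	if (bad == MAP_FAILED || fd < 0)
		return -1;	/* setup failed, not a test result */
	err = write_errno(fd, bad, 16);
	close(fd);
	munmap(bad, pagesz);
	return err;
}

int main(int argc, char **argv)
{
	const char *path = argc > 1 ? argv[1] : "/tmp/dax_write_test.tmp";
	int e1 = check_bad_fd(), e2 = check_bad_addr(path);

	printf("bad fd:   %s\n", e1 == EBADF ? "PASS" : "FAIL");
	printf("bad addr: %s (errno %d)\n", e2 == EFAULT ? "PASS" : "FAIL", e2);
	return !(e1 == EBADF && e2 == EFAULT);
}
```

A result of 0 from check_bad_addr() corresponds to the TFAIL line in the quoted log, where write() on an invalid buffer succeeded.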