On Tue, Mar 15, 2016 at 10:15:39AM -0400, Jeff Moyer wrote:
> Hannes Reinecke <hare@xxxxxxx> writes:
>
> > We need to check for a valid index before accessing the array
> > element to avoid accessing invalid memory regions.
>
> Hi, Hannes,
>
> What's the motivation here? Did you witness an invalid tag being passed
> in? Isn't that just a bug in the caller?
The tag generally comes more or less straight from the wire. So
someome should bounds check it, and doing it in one place seems easier
than in every driver, and Hannes patch would allow us to remove these
checks from nvme.
>
> -Jeff
>
>
> > Signed-off-by: Hannes Reinecke <hare@xxxxxxxx>
> > ---
> > block/blk-mq.c | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/block/blk-mq.c b/block/blk-mq.c
> > index 56c0a72..4ea87d5 100644
> > --- a/block/blk-mq.c
> > +++ b/block/blk-mq.c
> > @@ -544,6 +544,8 @@ EXPORT_SYMBOL(blk_mq_abort_requeue_list);
> >
> > struct request *blk_mq_tag_to_rq(struct blk_mq_tags *tags, unsigned int tag)
> > {
> > + if (unlikely(tag >= tags->nr_tags))
> > + return NULL;
> > return tags->rqs[tag];
> > }
> > EXPORT_SYMBOL(blk_mq_tag_to_rq);
---end quoted text---
--
To unsubscribe from this list: send the line "unsubscribe linux-block" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
