On 12/30/19 5:17 AM, Zhiqiang Liu wrote:
> From: renxudong <renxudong1@xxxxxxxxxx>
>
> Blk_rq_map_kern func is used to map kernel data to a request,
> in which kbuf par should be a valid kernel buffer. However,
> kbuf par is only checked whether it is null in blk_rq_map_kern func.
>
> If users pass a non kernel address to blk_rq_map_kern func in the
> non-aligned scenario, the invalid kbuf will be set to bio->bi_private.
> When the request is completed, bio_copy_kern_endio_read will be called
> to copy data to the kernel address in bio->bi_private. If the bi_private
> is not a valid kernel address, the system will oops. In this case, we
> cannot judge whether the bio structure is damaged or the kernel address is
> invalid.
>
> Here, we add kernel address validation by calling virt_addr_valid.

Applied, thanks.

--
Jens Axboe