Function valid_io_request() should verify the entire request doesn't exceed the zram device, otherwise it will cause invalid memory access. Signed-off-by: Jiang Liu <jiang.liu@xxxxxxxxxx> --- drivers/staging/zram/zram_drv.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/staging/zram/zram_drv.c b/drivers/staging/zram/zram_drv.c index 66cf28a..64b51b9 100644 --- a/drivers/staging/zram/zram_drv.c +++ b/drivers/staging/zram/zram_drv.c @@ -428,6 +428,10 @@ static inline int valid_io_request(struct zram *zram, struct bio *bio) return 0; } + if (unlikely((bio->bi_sector << SECTOR_SHIFT) + bio->bi_size >= + zram->disksize)) + return 0; + /* I/O request is valid */ return 1; } -- 1.8.1.2 _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
