On Tue 04 Jun 2013 09:15:43 PM CST, Jerome Marchand wrote: > On 06/03/2013 05:42 PM, Jiang Liu wrote: >> Function valid_io_request() should verify the entire request doesn't >> exceed the zram device, otherwise it will cause invalid memory access. >> >> Signed-off-by: Jiang Liu <jiang.liu@xxxxxxxxxx> >> --- >> drivers/staging/zram/zram_drv.c | 4 ++++ >> 1 file changed, 4 insertions(+) >> >> diff --git a/drivers/staging/zram/zram_drv.c b/drivers/staging/zram/zram_drv.c >> index 66cf28a..64b51b9 100644 >> --- a/drivers/staging/zram/zram_drv.c >> +++ b/drivers/staging/zram/zram_drv.c >> @@ -428,6 +428,10 @@ static inline int valid_io_request(struct zram *zram, struct bio *bio) >> return 0; >> } >> >> + if (unlikely((bio->bi_sector << SECTOR_SHIFT) + bio->bi_size >= >> + zram->disksize)) >> + return 0; >> + > > This test makes the first line of previous test redundant. Why not just > update it like the following: > > - (bio->bi_sector >= (zram->disksize >> SECTOR_SHIFT)) || > + ((bio->bi_sector << SECTOR_SHIFT) + bio->bi_size >= > + zram->disksize)) || > > > Jerome Hi Jerome, I think the test "bio->bi_sector >= (zram->disksize >> SECTOR_SHIFT)" is still needed to protect "(bio->bi_sector << SECTOR_SHIFT) + bio->bi_size" from wrapping around. Regards! Gerry > >> /* I/O request is valid */ >> return 1; >> } >> >
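Review bot: the `>=` in the added `(bio->bi_sector << SECTOR_SHIFT) + bio->bi_size >= zram->disksize` test rejects a request that ends exactly at the end of the device, because start plus size then equals `zram->disksize`; the commit message only asks that the request not exceed the device, so the comparison should be `>`. Separately, the left shift can wrap for a large `bi_sector`, so the new test is only sound after the existing `bio->bi_sector >= (zram->disksize >> SECTOR_SHIFT)` test has run; a short comment saying so, or doing the comparison in sectors rather than bytes, would keep a later cleanup from merging the two tests.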
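The wrap-around raised in the reply above, as an added user-space example that is not code from the thread or from the zram driver. It assumes 64-bit sector and disk-size values; the function names are hypothetical and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define SECTOR_SHIFT 9  /* 512-byte sectors */

/* The byte-based test from the posted hunk, with no sector test before it. */
static int valid_bytes_only(uint64_t sector, uint32_t size, uint64_t disksize)
{
    /* sector << SECTOR_SHIFT is computed modulo 2^64 and can wrap to a small value. */
    if ((sector << SECTOR_SHIFT) + size >= disksize)
        return 0;
    return 1;
}

/* Sector test first: it bounds sector below disksize >> SECTOR_SHIFT,
 * so the shift in the second test can no longer wrap. */
static int valid_with_sector_test(uint64_t sector, uint32_t size, uint64_t disksize)
{
    if (sector >= (disksize >> SECTOR_SHIFT))
        return 0;
    if ((sector << SECTOR_SHIFT) + size >= disksize)
        return 0;
    return 1;
}

int main(void)
{
    const uint64_t disksize = 1ULL << 20;  /* constructed: 1 MiB device */
    const uint64_t wrapping = 1ULL << 55;  /* constructed: << 9 wraps to 0 */

    printf("bytes only, wrapping sector:  %d\n",
           valid_bytes_only(wrapping, 4096, disksize));
    printf("sector test, wrapping sector: %d\n",
           valid_with_sector_test(wrapping, 4096, disksize));
    printf("sector test, in-range sector: %d\n",
           valid_with_sector_test(8, 4096, disksize));
    return 0;
}
```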