Re: [PATCH] pipe: Fix bogus dereference in iov_iter_alignment()


 



Jan Kara <jack@xxxxxxx> wrote:

> We cannot look at 'i->pipe' unless we know the iter is a pipe. Move the
> ring_size load to a branch in iov_iter_alignment() where we've already
> checked the iter is a pipe to avoid bogus dereference.
> 
> Reported-by: syzbot+bea68382bae9490e7dd6@xxxxxxxxxxxxxxxxxxxxxxxxx
> Fixes: 8cefc107ca54 ("pipe: Use head and tail pointers for the ring, not cursor and length")
> Signed-off-by: Jan Kara <jack@xxxxxxx>

Reviewed-by: David Howells <dhowells@xxxxxxxxxx>
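
The ordering problem described in the commit message, as an added userspace sketch that is not part of the patch or the kernel source. The struct layout, the names `iter_model`, `alignment_before` and `alignment_after`, and the simplified pipe condition are assumptions made for illustration.

```c
#include <stddef.h>
/* Simplified userspace model; names and layout are assumptions, not kernel code. */
enum iter_type { ITER_IOVEC, ITER_PIPE };
struct pipe_model { unsigned int head, ring_size; };
struct iovec_model { unsigned long base; size_t len; };
struct iter_model {
    enum iter_type type;                 /* says which union member is live */
    size_t iov_offset, count;
    union {
        const struct iovec_model *iov;   /* valid only for ITER_IOVEC */
        const struct pipe_model *pipe;   /* valid only for ITER_PIPE */
    };
};

/* Before: ring_size is loaded through i->pipe for every iterator type, so a
 * non-pipe iterator has its iov pointer dereferenced as a pipe. Never called here. */
unsigned long alignment_before(const struct iter_model *i)
{
    unsigned int p_mask = i->pipe->ring_size - 1;
    if (i->type == ITER_PIPE)
        return (i->count && i->iov_offset && (i->pipe->head & p_mask))
               ? (i->count | i->iov_offset) : i->count;
    return (i->iov->base + i->iov_offset) | i->count;
}

/* After: the load sits inside the branch that has already checked the type. */
unsigned long alignment_after(const struct iter_model *i)
{
    if (i->type == ITER_PIPE) {
        unsigned int p_mask = i->pipe->ring_size - 1;
        return (i->count && i->iov_offset && (i->pipe->head & p_mask))
               ? (i->count | i->iov_offset) : i->count;
    }
    return (i->iov->base + i->iov_offset) | i->count;
}

unsigned long demo_iovec(void)
{
    struct iovec_model v = { 0x1000UL, 512 };   /* constructed sample */
    struct iter_model it = { .type = ITER_IOVEC, .iov_offset = 0, .count = 512, .iov = &v };
    return alignment_after(&it);
}

unsigned long demo_pipe(void)
{
    struct pipe_model p = { .head = 3, .ring_size = 16 };   /* constructed sample */
    struct iter_model it = { .type = ITER_PIPE, .iov_offset = 100, .count = 4096, .pipe = &p };
    return alignment_after(&it);
}
```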




