The patch titled md: check bio address after mapping through partitions. has been added to the -mm tree. Its filename is md-check-bio-address-after-mapping-through-partitions.patch See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find out what to do about this ------------------------------------------------------ Subject: md: check bio address after mapping through partitions. From: NeilBrown <neilb@xxxxxxx> Partitions are not limited to live within a device. So we should range check after partition mapping. Note that 'maxsector' was being used for two different things. I have split off the second usage into 'old_sector' so that maxsector can be still be used for it's primary usage later in the function. Cc: Jens Axboe <jens.axboe@xxxxxxxxxx> Signed-off-by: Neil Brown <neilb@xxxxxxx> Cc: <stable@xxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxx> --- block/ll_rw_blk.c | 24 ++++++++++++++++++++---- 1 files changed, 20 insertions(+), 4 deletions(-) diff -puN block/ll_rw_blk.c~md-check-bio-address-after-mapping-through-partitions block/ll_rw_blk.c --- a/block/ll_rw_blk.c~md-check-bio-address-after-mapping-through-partitions +++ a/block/ll_rw_blk.c @@ -2999,6 +2999,7 @@ void generic_make_request(struct bio *bi { request_queue_t *q; sector_t maxsector; + sector_t old_sector; int ret, nr_sectors = bio_sectors(bio); dev_t old_dev; @@ -3027,7 +3028,7 @@ void generic_make_request(struct bio *bi * NOTE: we don't repeat the blk_size check for each new device. * Stacking drivers are expected to know what they are doing. */ - maxsector = -1; + old_sector = -1; old_dev = 0; do { char b[BDEVNAME_SIZE]; @@ -3061,15 +3062,30 @@ end_io: */ blk_partition_remap(bio); - if (maxsector != -1) + if (old_sector != -1) blk_add_trace_remap(q, bio, old_dev, bio->bi_sector, - maxsector); + old_sector); blk_add_trace_bio(q, bio, BLK_TA_QUEUE); - maxsector = bio->bi_sector; + old_sector = bio->bi_sector; old_dev = bio->bi_bdev->bd_dev; + maxsector = bio->bi_bdev->bd_inode->i_size >> 9; + if (maxsector) { + sector_t sector = bio->bi_sector; + + if (maxsector < nr_sectors || maxsector - nr_sectors < sector) { + /* + * This may well happen - partitions are not checked + * to make sure they are within the size of the + * whole device. + */ + handle_bad_sector(bio); + goto end_io; + } + } + ret = q->make_request_fn(q, bio); } while (ret); } _ Patches currently in -mm which might be from neilb@xxxxxxx are origin.patch sunrpc-fix-refcounting-problems-in-rpc-servers.patch sunrpc-fix-refcounting-problems-in-rpc-servers-fix.patch md-check-bio-address-after-mapping-through-partitions.patch sunrpc-add-missing-spin_unlock.patch lockdep-annotate-nfs-nfsd-in-kernel-sockets.patch lockdep-annotate-nfs-nfsd-in-kernel-sockets-tidy.patch remove-lock_key-approach-to-managing-nested-bd_mutex-locks.patch simplify-some-aspects-of-bd_mutex-nesting.patch use-mutex_lock_nested-for-bd_mutex-to-avoid-lockdep-warning.patch avoid-lockdep-warning-in-md.patch lockdep-annotate-nfsd4-recover-code.patch md-conditionalize-some-code.patch md-dm-reduce-stack-usage-with-stacked-block-devices.patch - To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html