Re: [PATCH] bugfix of access a invalid addr

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Feb 17, 2016 at 3:02 AM,  <chenjie6@xxxxxxxxxx> wrote:
> From: chenjie <chenjie6@xxxxxxxxxx>
>
> when we run fs_fsbase_t, some testcase like
> write05 failed
>
> write05     0  TINFO  :  Enter Block 1: test with bad fd
> write05     1  TPASS  :  received EBADF as expected.
> write05     0  TINFO  :  Exit Block 1
> write05     0  TINFO  :  Enter Block 2: test with a bad address
> write05     2  TFAIL  :  write() on an invalid buffer succeeded,
>                          but should have failed

I'm not sure what fs_fsbase_t is, but when testing by hand I do
correctly see an error when I give a bogus user address to dax_io().
Here's the check that fails:

                 if (iov_iter_rw(iter) == WRITE) {
                         len = copy_from_iter_pmem(dax.addr, max - pos, iter);
                         need_wmb = true;
                 } else if (!hole)
                         len = copy_to_iter((void __force *) dax.addr,
max - pos,
                                         iter);
                 else
                         len = iov_iter_zero(max - pos, iter);

                 if (!len) {
                         rc = -EFAULT;
                         break;
                 }

This last if(!len) check fails, and we return -EFAULT.

Can you share a small test program to that reproduces incorrect behavior?

>
> Cc: <stable@xxxxxxxxxxxxxxx>
> Signed-off-by: chenjie <chenjie6@xxxxxxxxxx>
>
> ---
>  fs/dax.c | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/fs/dax.c b/fs/dax.c
> index fc2e314..e1b1ff6 100644
> --- a/fs/dax.c
> +++ b/fs/dax.c
> @@ -214,6 +214,11 @@ static ssize_t dax_io(struct inode *inode, struct iov_iter *iter,
>                         max = min(pos + size, end);
>                 }
>
> +               if (unlikely(iov_iter_fault_in_readable(iter, max - pos))) {
> +                       retval = -EFAULT;

This doesn't compile...
s/retval/rc/
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]