Adding more Cc and stable (i thought this was 5.1 addition). Note that
without this patch on arch/kernel where PAGE_SIZE != 4096 userspace
could read random memory through a zram block device (thought userspace
probably would have no control on the address being read).
On Mon, Apr 08, 2019 at 02:32:19PM -0400, jglisse@xxxxxxxxxx wrote:
> From: Jérôme Glisse <jglisse@xxxxxxxxxx>
>
> When scheduling work item to read page we need to pass down the proper
> bvec struct which point to the page to read into. Before this patch it
> uses randomly initialized bvec (only if PAGE_SIZE != 4096) which is
> wrong.
>
> Signed-off-by: Jérôme Glisse <jglisse@xxxxxxxxxx>
> Cc: Minchan Kim <minchan@xxxxxxxxxx>
> Cc: Nitin Gupta <ngupta@xxxxxxxxxx>
> Cc: Sergey Senozhatsky <sergey.senozhatsky.work@xxxxxxxxx>
> Cc: linux-kernel@xxxxxxxxxxxxxxx
> ---
> drivers/block/zram/zram_drv.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c
> index 399cad7daae7..d58a359a6622 100644
> --- a/drivers/block/zram/zram_drv.c
> +++ b/drivers/block/zram/zram_drv.c
> @@ -774,18 +774,18 @@ struct zram_work {
> struct zram *zram;
> unsigned long entry;
> struct bio *bio;
> + struct bio_vec bvec;
> };
>
> #if PAGE_SIZE != 4096
> static void zram_sync_read(struct work_struct *work)
> {
> - struct bio_vec bvec;
> struct zram_work *zw = container_of(work, struct zram_work, work);
> struct zram *zram = zw->zram;
> unsigned long entry = zw->entry;
> struct bio *bio = zw->bio;
>
> - read_from_bdev_async(zram, &bvec, entry, bio);
> + read_from_bdev_async(zram, &zw->bvec, entry, bio);
> }
>
> /*
> @@ -798,6 +798,7 @@ static int read_from_bdev_sync(struct zram *zram, struct bio_vec *bvec,
> {
> struct zram_work work;
>
> + work.bvec = *bvec;
> work.zram = zram;
> work.entry = entry;
> work.bio = bio;
> --
> 2.20.1
>
