1. Patchew
  2. linux
  3. View series

[PATCH] btrfs: Change iov_iter_alignment_iovec to check iovec count before accesses an iovec

Dennis Lam posted 1 patch 1 year, 4 months ago
There is a newer version of this series
lib/iov_iter.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
[PATCH] btrfs: Change iov_iter_alignment_iovec to check iovec count before accesses an iovec
Posted by Dennis Lam 1 year, 4 months ago 
When checking iov_iter_alignment_iovec for valid read and the iovec is empty,
the function still tries to iterate non-existant values. In this case, the iov
variable is empty and attempting to use iov->iov_len causes a kernel crash.

This patch fixes this by checking the size of the iovec before iterating.

Signed-off-by: Dennis Lam <dennis.lamerice@gmail.com>
---
 lib/iov_iter.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/iov_iter.c b/lib/iov_iter.c
index 4a6a9f419bd7..2d82ecf1b622 100644
--- a/lib/iov_iter.c
+++ b/lib/iov_iter.c
@@ -783,7 +783,7 @@ static unsigned long iov_iter_alignment_iovec(const struct iov_iter *i)
 	size_t size = i->count;
 	size_t skip = i->iov_offset;
 
-	do {
+	while(size) {
 		size_t len = iov->iov_len - skip;
 		if (len) {
 			res |= (unsigned long)iov->iov_base + skip;
@@ -794,7 +794,7 @@ static unsigned long iov_iter_alignment_iovec(const struct iov_iter *i)
 		}
 		iov++;
 		skip = 0;
-	} while (size);
+	} 
 	return res;
 }
 
-- 
2.45.2
[PATCH RESEND] btrfs: Change iov_iter_alignment_iovec to check iovec count before accesses an iovec
Posted by Dennis Lam 1 year, 4 months ago 
When checking iov_iter_alignment_iovec for valid read and the iovec is empty,
the function still tries to iterate non-existant values. In this case, the iov
variable is empty and attempting to use iov->iov_len causes a kernel crash.

This patch fixes this by checking the size of the iovec before iterating.

Resent this patch in thread because one of the emails I pasted was wrong.

Signed-off-by: Dennis Lam <dennis.lamerice@gmail.com>
---
 lib/iov_iter.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/iov_iter.c b/lib/iov_iter.c
index 4a6a9f419bd7..2d82ecf1b622 100644
--- a/lib/iov_iter.c
+++ b/lib/iov_iter.c
@@ -783,7 +783,7 @@ static unsigned long iov_iter_alignment_iovec(const struct iov_iter *i)
 	size_t size = i->count;
 	size_t skip = i->iov_offset;
 
-	do {
+	while(size) {
 		size_t len = iov->iov_len - skip;
 		if (len) {
 			res |= (unsigned long)iov->iov_base + skip;
@@ -794,7 +794,7 @@ static unsigned long iov_iter_alignment_iovec(const struct iov_iter *i)
 		}
 		iov++;
 		skip = 0;
-	} while (size);
+	} 
 	return res;
 }
 
-- 
2.45.2

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.