Pavel Tikhomirov <ptikhomi...@virtuozzo.com> writes:

> https://jira.sw.ru/browse/PSBM-55105
>
> In the bug we crashed in zero_fill_bio when trying to zero (memset) the bio_vec:
>
> struct bio_vec {
>   bv_page = 0xffffea0004437500,
>   bv_len = 4294948864,
>   bv_offset = 0
> }
>
> which is bigger than its bio->bi_size = 104448. guard_bio_eod might
> lead to this bv_len overflow and is suspicious, as quite recently
> in vz7.19.4 we've ported commit 2573b2539875 ("vfs: make guard_bh_eod()
> more generic"), which adds bv_len reduction, and before that there
> was no crash.
>
> Signed-off-by: Pavel Tikhomirov <ptikhomi...@virtuozzo.com>
> ---
>  fs/buffer.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/fs/buffer.c b/fs/buffer.c
> index c45200d..b820080 100644
> --- a/fs/buffer.c
> +++ b/fs/buffer.c
> @@ -3009,6 +3009,7 @@ void guard_bio_eod(int rw, struct bio *bio)
>  
>       /* Truncate the bio.. */
>       bio->bi_size -= truncated_bytes;
> +     WARN_ON(truncated_bytes > bvec->bv_len);
BUG_ON would be more appropriate here.
>       bvec->bv_len -= truncated_bytes;
>  
>       /* ..and clear the end of the buffer for reads */
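Review bot: the added WARN_ON sits after `bio->bi_size -= truncated_bytes;` and does nothing to prevent the very next line, `bvec->bv_len -= truncated_bytes;`, from wrapping, so on the path that triggers the warning the bio is still left with a reduced bi_size and an underflowed bv_len (the 4294948864 value in the commit message is exactly 2^32 - 18432, a wrapped 32-bit unsigned field). Move the check ahead of both subtractions and either make it a BUG_ON, as suggested in the reply above, or return early without modifying the bio when truncated_bytes > bvec->bv_len; if a warn-only form is kept, clamp truncated_bytes to bvec->bv_len before subtracting, and prefer WARN_ON_ONCE so a reproducible hit does not flood the log.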
> -- 
> 2.9.3

_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel
