[Devel] [PATCH rh7] cbt: blk_cbt_update_size() should not copy uninitialized data

2016-06-08 Thread Maxim Patlasov
to_cpy is the number of page pointers to copy from current cbt to new.
The following check:

>   if ((new_sz + bsz) >> cbt->block_bits <= cbt->block_max)
>   goto err_mtx;

ensures that the copy will be done only for new cbt bigger than current. So,
we have to calculate to_cpy based on the current (smaller) cbt. The rest of
new cbt is OK because it was nullified by do_cbt_alloc().

The bug existed since the very first version of CBT (commit ad7ba3dfe).

https://jira.sw.ru/browse/PSBM-48120

Signed-off-by: Maxim Patlasov 
---
 block/blk-cbt.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/block/blk-cbt.c b/block/blk-cbt.c
index 001dbfd..3a2b197 100644
--- a/block/blk-cbt.c
+++ b/block/blk-cbt.c
@@ -448,7 +448,7 @@ void blk_cbt_update_size(struct block_device *bdev)
set_bit(CBT_ERROR, &cbt->flags);
goto err_mtx;
}
-   to_cpy = NR_PAGES(new->block_max);
+   to_cpy = NR_PAGES(cbt->block_max);
set_bit(CBT_NOCACHE, &cbt->flags);
cbt_flush_cache(cbt);
spin_lock_irq(&cbt->lock);
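
Review bot: the new `to_cpy = NR_PAGES(cbt->block_max);` line is only safe because of the size check quoted in the commit message, which sits outside this hunk; nothing at the assignment itself enforces that the current cbt is the smaller of the two. Consider taking the count from the smaller of `cbt->block_max` and `new->block_max`, or placing a `WARN_ON(new->block_max < cbt->block_max)` next to it, so that a later change to that guard cannot turn the copy into one that runs past the end of the new map.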

___
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel


Re: [Devel] [PATCH rh7] cbt: blk_cbt_update_size() should not copy uninitialized data

2016-06-09 Thread Dmitry Monakhov
Maxim Patlasov  writes:

> to_cpy is the number of page pointers to copy from current cbt to new.
> The following check:
>
>>  if ((new_sz + bsz) >> cbt->block_bits <= cbt->block_max)
>>  goto err_mtx;
>
> ensures that the copy will be done only for new cbt bigger than current. So,
> we have to calculate to_cpy based on the current (smaller) cbt. The rest of
> new cbt is OK because it was nullified by do_cbt_alloc().
>
> The bug existed since the very first version of CBT (commit ad7ba3dfe).
>
> https://jira.sw.ru/browse/PSBM-48120
>
ACK
> Signed-off-by: Maxim Patlasov 
> ---
>  block/blk-cbt.c |2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/block/blk-cbt.c b/block/blk-cbt.c
> index 001dbfd..3a2b197 100644
> --- a/block/blk-cbt.c
> +++ b/block/blk-cbt.c
> @@ -448,7 +448,7 @@ void blk_cbt_update_size(struct block_device *bdev)
>   set_bit(CBT_ERROR, &cbt->flags);
>   goto err_mtx;
>   }
> - to_cpy = NR_PAGES(new->block_max);
> + to_cpy = NR_PAGES(cbt->block_max);
>   set_bit(CBT_NOCACHE, &cbt->flags);
>   cbt_flush_cache(cbt);
>   spin_lock_irq(&cbt->lock);
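
Review bot: the `to_cpy` assignment has no comment, and the reason it is correct (the part of the new map beyond the current cbt's pages was already nullified by `do_cbt_alloc()`) is recorded only in the commit message. A one-line comment above `to_cpy = NR_PAGES(cbt->block_max);` saying that only the current cbt's page pointers are copied and the remainder stays zeroed would keep a later reader from switching it back to `new->block_max`.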

