Re: [Devel] [PATCH RH7] vfs: add warning in guard_bio_eod() if truncated_bytes > bvec->bv_len

2016-12-04 Thread Roman Kagan 
On Sat, Dec 03, 2016 at 11:22:26AM +0300, Dmitry Monakhov wrote:
> 
> Pavel Tikhomirov  writes:
> 
> > https://jira.sw.ru/browse/PSBM-55105
> >
> > In bug we crashed in zero_fill_bio when trying to zero memset bio_vec:
> >
> > struct bio_vec {
> >   bv_page = 0xea0004437500,
> >   bv_len = 4294948864,
> >   bv_offset = 0
> > }
> >
> > which is bigger than its bio->bi_size = 104448, guard_bio_eod might
> > lead to these bv_len overflow and is suspicious as quiet recently
> > in vz7.19.4 we've ported commit 2573b2539875("vfs: make guard_bh_eod()
> > more generic") which adds bv_len reduction, and before that there
> > were no crash.
> >
> > Signed-off-by: Pavel Tikhomirov 
> > ---
> >  fs/buffer.c | 1 +
> >  1 file changed, 1 insertion(+)
> >
> > diff --git a/fs/buffer.c b/fs/buffer.c
> > index c45200d..b820080 100644
> > --- a/fs/buffer.c
> > +++ b/fs/buffer.c
> > @@ -3009,6 +3009,7 @@ void guard_bio_eod(int rw, struct bio *bio)
> >  
> > /* Truncate the bio.. */
> > bio->bi_size -= truncated_bytes;
> > +   WARN_ON(truncated_bytes > bvec->bv_len);
> BUG_ON would be more appropriate here.

Haven't you seen how Linus "critisized" Andrew for doing exactly that?

Roman.
___
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel

Re: [Devel] [PATCH RH7] vfs: add warning in guard_bio_eod() if truncated_bytes > bvec->bv_len

2016-12-03 Thread Dmitry Monakhov 

Pavel Tikhomirov  writes:

> https://jira.sw.ru/browse/PSBM-55105
>
> In bug we crashed in zero_fill_bio when trying to zero memset bio_vec:
>
> struct bio_vec {
>   bv_page = 0xea0004437500,
>   bv_len = 4294948864,
>   bv_offset = 0
> }
>
> which is bigger than its bio->bi_size = 104448, guard_bio_eod might
> lead to these bv_len overflow and is suspicious as quiet recently
> in vz7.19.4 we've ported commit 2573b2539875("vfs: make guard_bh_eod()
> more generic") which adds bv_len reduction, and before that there
> were no crash.
>
> Signed-off-by: Pavel Tikhomirov 
> ---
>  fs/buffer.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/fs/buffer.c b/fs/buffer.c
> index c45200d..b820080 100644
> --- a/fs/buffer.c
> +++ b/fs/buffer.c
> @@ -3009,6 +3009,7 @@ void guard_bio_eod(int rw, struct bio *bio)
>  
>   /* Truncate the bio.. */
>   bio->bi_size -= truncated_bytes;
> + WARN_ON(truncated_bytes > bvec->bv_len);
BUG_ON would be more appropriate here.
>   bvec->bv_len -= truncated_bytes;
>  
>   /* ..and clear the end of the buffer for reads */
> -- 
> 2.9.3

___
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel