| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 03 Mar 2008 23:22:46 +0900
From: Tejun Heo <htejun@...il.com>
To: FUJITA Tomonori <tomof@....org>
CC: fujita.tomonori@....ntt.co.jp, jens.axboe@...cle.com,
James.Bottomley@...senPartnership.com, efault@....de,
akpm@...ux-foundation.org, linux-kernel@...r.kernel.org,
linux-ide@...r.kernel.org, linux-scsi@...r.kernel.org,
jgarzik@...ox.com
Subject: Re: [PATCH] block: fix residual byte count handling
FUJITA Tomonori wrote:
>> At the end of blk_rq_map_user() together with data_len / extra_len
>> mangling or were you talking about James' original patch?
>
> With my patch, at the end of blk_rq_map_user, we have:
>
> if (len & queue_dma_alignment(q)) {
> unsigned int pad_len = (queue_dma_alignment(q) & ~len) + 1;
>
> rq->extra_len += pad_len;
> }
>
>
> So no change as compared with 2.6.24?
Oh.. you killed sg list manipulation. Many controllers do allow odd
bytes as the last sg entry but not all. Also, if you append drain
buffer after it, it ends up with unaligned sg entry in the middle and
rq->data_len + rq->extra_len will overrun the sg entry after the drain
page which is really dangerous.
--
tejun
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists