lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 2 Oct 2012 13:26:43 -0700
From:	Kent Overstreet <koverstreet@...gle.com>
To:	Vivek Goyal <vgoyal@...hat.com>
Cc:	linux-bcache@...r.kernel.org, linux-kernel@...r.kernel.org,
	dm-devel@...hat.com, axboe@...nel.dk,
	"Martin K. Petersen" <martin.petersen@...cle.com>, tj@...nel.org
Subject: Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in
 bio_integrity_split()

On Tue, Oct 02, 2012 at 10:08:47AM -0400, Vivek Goyal wrote:
> On Mon, Oct 01, 2012 at 02:42:41PM -0700, Kent Overstreet wrote:
> 
> [..]
> > Here's the new patch:
> > 
> > 
> > commit e270c9ca843b5c86d59431b0d7a676b7846946d6
> > Author: Kent Overstreet <koverstreet@...gle.com>
> > Date:   Mon Oct 1 14:41:08 2012 -0700
> > 
> >     block: Fix a buffer overrun in bio_integrity_split()
> >     
> >     bio_integrity_split() seemed to be confusing pointers and arrays -
> >     bip_vec in bio_integrity_payload is an array appended to the end of the
> >     payload, so the bio_vecs in struct bio_pair need to come immediately
> >     after the bio_integrity_payload they're for, and there was an assignment
> >     in bio_integrity_split() that didn't make any sense.
> >     
> >     Also, changed bio_integrity_split() to not refer to the bvecs embedded
> >     in struct bio_pair, in case there's padding between them and
> >     bip->bip_vec.
> >     
> >     Signed-off-by: Kent Overstreet <koverstreet@...gle.com>
> >     CC: Jens Axboe <axboe@...nel.dk>
> >     CC: Martin K. Petersen <martin.petersen@...cle.com>
> > 
> > diff --git a/fs/bio-integrity.c b/fs/bio-integrity.c
> > index a3f28f3..4ae22a8 100644
> > --- a/fs/bio-integrity.c
> > +++ b/fs/bio-integrity.c
> > @@ -694,15 +694,12 @@ void bio_integrity_split(struct bio *bio, struct bio_pair *bp, int sectors)
> >  	bp->bio1.bi_integrity = &bp->bip1;
> >  	bp->bio2.bi_integrity = &bp->bip2;
> >  
> > -	bp->iv1 = bip->bip_vec[0];
> > -	bp->iv2 = bip->bip_vec[0];
> > +	*bp->bip1.bip_vec = bip->bip_vec[0];
> > +	*bp->bip2.bip_vec = bip->bip_vec[0];
> 
> I think this is horrible. Why not introduce bvec pointer in bip (like bio),
> to cover the case when bvec are not inline.

That's... exactly what the next patch in the series does.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ