lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 2 Oct 2012 16:32:53 -0400
From:	Vivek Goyal <vgoyal@...hat.com>
To:	Kent Overstreet <koverstreet@...gle.com>
Cc:	linux-bcache@...r.kernel.org, linux-kernel@...r.kernel.org,
	dm-devel@...hat.com, axboe@...nel.dk,
	"Martin K. Petersen" <martin.petersen@...cle.com>, tj@...nel.org
Subject: Re: [dm-devel] [PATCH v3 01/26] block: Fix a buffer overrun in
 bio_integrity_split()

On Tue, Oct 02, 2012 at 01:26:43PM -0700, Kent Overstreet wrote:
> On Tue, Oct 02, 2012 at 10:08:47AM -0400, Vivek Goyal wrote:
> > On Mon, Oct 01, 2012 at 02:42:41PM -0700, Kent Overstreet wrote:
> > 
> > [..]
> > > Here's the new patch:
> > > 
> > > 
> > > commit e270c9ca843b5c86d59431b0d7a676b7846946d6
> > > Author: Kent Overstreet <koverstreet@...gle.com>
> > > Date:   Mon Oct 1 14:41:08 2012 -0700
> > > 
> > >     block: Fix a buffer overrun in bio_integrity_split()
> > >     
> > >     bio_integrity_split() seemed to be confusing pointers and arrays -
> > >     bip_vec in bio_integrity_payload is an array appended to the end of the
> > >     payload, so the bio_vecs in struct bio_pair need to come immediately
> > >     after the bio_integrity_payload they're for, and there was an assignment
> > >     in bio_integrity_split() that didn't make any sense.
> > >     
> > >     Also, changed bio_integrity_split() to not refer to the bvecs embedded
> > >     in struct bio_pair, in case there's padding between them and
> > >     bip->bip_vec.
> > >     
> > >     Signed-off-by: Kent Overstreet <koverstreet@...gle.com>
> > >     CC: Jens Axboe <axboe@...nel.dk>
> > >     CC: Martin K. Petersen <martin.petersen@...cle.com>
> > > 
> > > diff --git a/fs/bio-integrity.c b/fs/bio-integrity.c
> > > index a3f28f3..4ae22a8 100644
> > > --- a/fs/bio-integrity.c
> > > +++ b/fs/bio-integrity.c
> > > @@ -694,15 +694,12 @@ void bio_integrity_split(struct bio *bio, struct bio_pair *bp, int sectors)
> > >  	bp->bio1.bi_integrity = &bp->bip1;
> > >  	bp->bio2.bi_integrity = &bp->bip2;
> > >  
> > > -	bp->iv1 = bip->bip_vec[0];
> > > -	bp->iv2 = bip->bip_vec[0];
> > > +	*bp->bip1.bip_vec = bip->bip_vec[0];
> > > +	*bp->bip2.bip_vec = bip->bip_vec[0];
> > 
> > I think this is horrible. Why not introduce bvec pointer in bip (like bio),
> > to cover the case when bvec are not inline.
> 
> That's... exactly what the next patch in the series does.

Yes, but if you want to push some of the these bug fixes in stable (as martin
had said), we need to introduce that bip->bio_vec pointer early. Also that
next patch is doing lot other other things like getting rid of bip_slabs
and we don't require all that to fix this particular bug.

In fact I would say that it is beter to fix this blk integrity bug in a
separate patchset so that it can be pushed out earlier.

Thanks
Vivek
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ