| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CACVXFVPNpZgo4-Hjbg0_BN2Xby-P4R_zcWTR_MDN_v+8TGM3sw@mail.gmail.com>
Date: Fri, 31 Mar 2017 16:21:40 +0800
From: Ming Lei <tom.leiming@...il.com>
To: Dmitry Monakhov <dmonakhov@...nvz.org>
Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
linux-block <linux-block@...r.kernel.org>,
"Martin K. Petersen" <martin.petersen@...cle.com>
Subject: Re: [PATCH 1/8] Guard bvec iteration logic
On Thu, Mar 30, 2017 at 9:49 PM, Dmitry Monakhov <dmonakhov@...nvz.org> wrote:
> If some one try to attempt advance bvec beyond it's size we simply
> dump WARN_ONCE and continue to iterate beyond bvec array boundaries.
> This simply means that we endup dereferencing/corrupting random memory
> region.
>
> Code was added long time ago here 4550dd6c, luckily no one hit it
> in real life :)
>
> Signed-off-by: Dmitry Monakhov <dmonakhov@...nvz.org>
> ---
> include/linux/bvec.h | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/include/linux/bvec.h b/include/linux/bvec.h
> index 89b65b8..86b914f 100644
> --- a/include/linux/bvec.h
> +++ b/include/linux/bvec.h
> @@ -70,8 +70,7 @@ static inline void bvec_iter_advance(const struct bio_vec *bv,
> struct bvec_iter *iter,
> unsigned bytes)
> {
> - WARN_ONCE(bytes > iter->bi_size,
> - "Attempted to advance past end of bvec iter\n");
> + BUG_ON(bytes > iter->bi_size);
This may not a good idea, especially Linus did not like BUG_ON(), please see the
following link:
https://lkml.org/lkml/2016/10/4/1
Thanks,
Ming Lei
Powered by blists - more mailing lists