lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <20171212124437.115284927@linuxfoundation.org> Date: Tue, 12 Dec 2017 13:45:20 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-kernel@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, stable@...r.kernel.org, Johannes Thumshirn <jthumshirn@...e.de>, Hannes Reinecke <hare@...e.com>, Sergey Senozhatsky <sergey.senozhatsky@...il.com>, Jens Axboe <axboe@...com>, Sasha Levin <alexander.levin@...izon.com> Subject: [PATCH 4.9 110/148] zram: set physical queue limits to avoid array out of bounds accesses 4.9-stable review patch. If anyone has any objections, please let me know. ------------------ From: Johannes Thumshirn <jthumshirn@...e.de> [ Upstream commit 0bc315381fe9ed9fb91db8b0e82171b645ac008f ] zram can handle at most SECTORS_PER_PAGE sectors in a bio's bvec. When using the NVMe over Fabrics loopback target which potentially sends a huge bulk of pages attached to the bio's bvec this results in a kernel panic because of array out of bounds accesses in zram_decompress_page(). Signed-off-by: Johannes Thumshirn <jthumshirn@...e.de> Reviewed-by: Hannes Reinecke <hare@...e.com> Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@...il.com> Signed-off-by: Jens Axboe <axboe@...com> Signed-off-by: Sasha Levin <alexander.levin@...izon.com> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org> --- drivers/block/zram/zram_drv.c | 2 ++ 1 file changed, 2 insertions(+) --- a/drivers/block/zram/zram_drv.c +++ b/drivers/block/zram/zram_drv.c @@ -1286,6 +1286,8 @@ static int zram_add(void) blk_queue_io_min(zram->disk->queue, PAGE_SIZE); blk_queue_io_opt(zram->disk->queue, PAGE_SIZE); zram->disk->queue->limits.discard_granularity = PAGE_SIZE; + zram->disk->queue->limits.max_sectors = SECTORS_PER_PAGE; + zram->disk->queue->limits.chunk_sectors = 0; blk_queue_max_discard_sectors(zram->disk->queue, UINT_MAX); /* * zram_bio_discard() will clear all logical blocks if logical block
Powered by blists - more mailing lists