| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 9 Dec 2019 20:11:14 +0100
From: Andreas Gruenbacher <agruenba@...hat.com>
To: Jens Axboe <axboe@...nel.dk>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
Junichi Nomura <j-nomura@...jp.nec.com>,
Christoph Hellwig <hch@....de>, Ming Lei <ming.lei@...hat.com>,
Hannes Reinecke <hare@...e.de>, linux-block@...r.kernel.org,
linux-kernel@...r.kernel.org,
Andreas Gruenbacher <agruenba@...hat.com>,
stable@...r.kernel.org
Subject: [PATCH] block: fix "check bi_size overflow before merge"
This partially reverts commit e3a5d8e386c3fb973fa75f2403622a8f3640ec06.
Commit e3a5d8e386c3 ("check bi_size overflow before merge") adds a bio_full
check to __bio_try_merge_page. This will cause __bio_try_merge_page to fail
when the last bi_io_vec has been reached. Instead, what we want here is only
the bi_size overflow check.
Fixes: e3a5d8e386c3 ("block: check bi_size overflow before merge")
Cc: stable@...r.kernel.org # v5.4+
Signed-off-by: Andreas Gruenbacher <agruenba@...hat.com>
---
block/bio.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/block/bio.c b/block/bio.c
index 9d54aa37ce6c..a5d75f6bf4c7 100644
--- a/block/bio.c
+++ b/block/bio.c
@@ -754,10 +754,12 @@ bool __bio_try_merge_page(struct bio *bio, struct page *page,
if (WARN_ON_ONCE(bio_flagged(bio, BIO_CLONED)))
return false;
- if (bio->bi_vcnt > 0 && !bio_full(bio, len)) {
+ if (bio->bi_vcnt > 0) {
struct bio_vec *bv = &bio->bi_io_vec[bio->bi_vcnt - 1];
if (page_is_mergeable(bv, page, len, off, same_page)) {
+ if (bio->bi_iter.bi_size > UINT_MAX - len)
+ return false;
bv->bv_len += len;
bio->bi_iter.bi_size += len;
return true;
--
2.20.1
Powered by blists - more mailing lists