lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 23 Nov 2022 20:00:10 +0100
From:   Anders Blomdell <anders.blomdell@...trol.lth.se>
To:     Jeff Layton <jlayton@...nel.org>,
        Chuck Lever <chuck.lever@...cle.com>,
        "Al Viro" <viro@...iv.linux.org.uk>
CC:     <linux-nfs@...r.kernel.org>, <linux-fsdevel@...r.kernel.org>,
        <linux-kernel@...r.kernel.org>, <stable@...r.kernel.org>
Subject: [PATCH v2 1/1] Make nfsd_splice_actor work with reads with a non-zero
 offset that doesn't end on a page boundary

Make nfsd_splice_actor work with reads with a non-zero offset that doesn't end on a page boundary.

This was found when virtual machines with nfs-mounted qcow2 disks failed to boot properly (originally found
on v6.0.5, fix also needed and tested on v6.0.9 and v6.1-rc6).

Signed-off-by: Anders Blomdell <anders.blomdell@...trol.lth.se>
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2142132
Fixes: bfbfb6182ad1 "nfsd_splice_actor(): handle compound pages"
Cc: stable@...r.kernel.org # v6.0+

-- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -869,12 +869,13 @@ nfsd_splice_actor(struct pipe_inode_info *pipe, struct pipe_buffer *buf,
  		  struct splice_desc *sd)
  {
  	struct svc_rqst *rqstp = sd->u.data;
-	struct page *page = buf->page;	// may be a compound one
+	// buf->page may be a compound one
  	unsigned offset = buf->offset;
+	struct page *first = buf->page + offset / PAGE_SIZE;
+	struct page *last = buf->page + (offset + sd->len - 1) / PAGE_SIZE;

-	page += offset / PAGE_SIZE;
-	for (int i = sd->len; i > 0; i -= PAGE_SIZE)
-		svc_rqst_replace_page(rqstp, page++);
+	for (struct page *page = first; page <= last; page++)
+		svc_rqst_replace_page(rqstp, page);
  	if (rqstp->rq_res.page_len == 0)	// first call
  		rqstp->rq_res.page_base = offset % PAGE_SIZE;
  	rqstp->rq_res.page_len += sd->len;

-- 
Anders Blomdell                  Email: anders.blomdell@...trol.lth.se
Department of Automatic Control
Lund University                  Phone:    +46 46 222 4625
P.O. Box 118
SE-221 00 Lund, Sweden

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ