* [PATCH] 9p: BUG before corrupting memory
@ 2012-05-28 16:00 Sasha Levin
From: Sasha Levin @ 2012-05-28 16:00 UTC (permalink / raw)
  To: davem, ericvh, aneesh.kumar, jvrao; +Cc: netdev, linux-kernel, Sasha Levin

The BUG_ON() in pack_sg_list() would get triggered only one time after we've
corrupted some memory by sg_set_buf() into an invalid sg buffer.

I'm still working on figuring out why I manage to trigger that bug...

Signed-off-by: Sasha Levin <levinsasha928@gmail.com>
---
 net/9p/trans_virtio.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c
index 5af18d1..2fd7305 100644
--- a/net/9p/trans_virtio.c
+++ b/net/9p/trans_virtio.c
@@ -192,10 +192,10 @@ static int pack_sg_list(struct scatterlist *sg, int start,
 		s = rest_of_page(data);
 		if (s > count)
 			s = count;
+		BUG_ON(index >= limit);
 		sg_set_buf(&sg[index++], data, s);
 		count -= s;
 		data += s;
-		BUG_ON(index > limit);
 	}
 
 	return index-start;
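Review bot: The added BUG_ON(index >= limit) ahead of sg_set_buf() still brings the whole kernel down on a condition the changelog says is not yet understood; consider WARN_ON_ONCE() and breaking out of the loop (or returning an error) if the callers of pack_sg_list() can cope with a short or failed pack. The reordering itself is sound: testing index >= limit before the index++ is the same bound as the old post-increment index > limit, but it now fires before &sg[index] is written instead of after. Assuming limit is the number of entries in sg, it would help to say so in the commit message, since that is what makes >= the right comparison at this point.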
-- 
1.7.8.6

