* [dm-devel] Patch "dm btree: add a defensive bounds check to insert_at()" has been added to the 4.14-stable tree
From: Sasha Levin @ 2022-01-23 16:40 UTC (permalink / raw)
  To: stable-commits, ejt; +Cc: dm-devel, Mike Snitzer, Alasdair Kergon

This is a note to let you know that I've just added the patch titled

    dm btree: add a defensive bounds check to insert_at()

to the 4.14-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     dm-btree-add-a-defensive-bounds-check-to-insert_at.patch
and it can be found in the queue-4.14 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.



commit 3bfc7cd96377fc1b474bb75d3522fc71637408e1
Author: Joe Thornber <ejt@redhat.com>
Date:   Fri Dec 10 13:44:13 2021 +0000

    dm btree: add a defensive bounds check to insert_at()
    
    [ Upstream commit 85bca3c05b6cca31625437eedf2060e846c4bbad ]
    
    Corrupt metadata could trigger an out of bounds write.
    
    Signed-off-by: Joe Thornber <ejt@redhat.com>
    Signed-off-by: Mike Snitzer <snitzer@redhat.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/md/persistent-data/dm-btree.c b/drivers/md/persistent-data/dm-btree.c
index 8aae0624a2971..6383afb88f319 100644
--- a/drivers/md/persistent-data/dm-btree.c
+++ b/drivers/md/persistent-data/dm-btree.c
@@ -83,14 +83,16 @@ void inc_children(struct dm_transaction_manager *tm, struct btree_node *n,
 }
 
 static int insert_at(size_t value_size, struct btree_node *node, unsigned index,
-		      uint64_t key, void *value)
-		      __dm_written_to_disk(value)
+		     uint64_t key, void *value)
+	__dm_written_to_disk(value)
 {
 	uint32_t nr_entries = le32_to_cpu(node->header.nr_entries);
+	uint32_t max_entries = le32_to_cpu(node->header.max_entries);
 	__le64 key_le = cpu_to_le64(key);
 
 	if (index > nr_entries ||
-	    index >= le32_to_cpu(node->header.max_entries)) {
+	    index >= max_entries ||
+	    nr_entries >= max_entries) {
 		DMERR("too many entries in btree node for insert");
 		__dm_unbless_for_disk(value);
 		return -ENOMEM;
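
Review bot: the added nr_entries >= max_entries clause in the if compares two values that are both read from the same node->header, so it catches a header whose entry count disagrees with its stated capacity but still trusts max_entries itself. It is worth confirming that max_entries is validated against the node's real size before insert_at() is reached, since a corrupt header with an oversized max_entries would pass this check. With the new clause in place, index >= max_entries is implied by the other two conditions (index <= nr_entries < max_entries), so it could be dropped or kept with a comment saying it is deliberate. The failure path still logs "too many entries in btree node for insert" and returns -ENOMEM, which leaves callers unable to tell a corrupt node from an allocation failure; a distinct message or error code would help triage. The re-indentation of the prototype continuation lines is unrelated to the fix and adds noise to a stable backport.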


--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel

