* [PATCH] blkmapd: Make sure device root contains valid device id
@ 2015-03-22 13:22 Kinglong Mee
2015-03-25 8:42 ` Christoph Hellwig
2015-03-26 15:29 ` Steve Dickson
0 siblings, 2 replies; 3+ messages in thread
From: Kinglong Mee @ 2015-03-22 13:22 UTC (permalink / raw)
To: Steve Dickson; +Cc: rees, Linux NFS Mailing List
When testing pnfs in virtual linux based on VirtualBox,
blkmapd gets dev_root->len == 0, which causes it Segmentation fault.
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
---
utils/blkmapd/device-inq.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/utils/blkmapd/device-inq.c b/utils/blkmapd/device-inq.c
index eabc70c..c5bf71f 100644
--- a/utils/blkmapd/device-inq.c
+++ b/utils/blkmapd/device-inq.c
@@ -179,6 +179,7 @@ struct bl_serial *bldev_read_serial(int fd, const char *filename)
char *buffer;
struct bl_dev_id *dev_root, *dev_id;
unsigned int pos, len, current_id = 0;
+ size_t devid_len = sizeof(struct bl_dev_id) - sizeof(unsigned char);
status = bldev_inquire_pages(fd, 0x83, &buffer);
if (status)
@@ -189,7 +190,11 @@ struct bl_serial *bldev_read_serial(int fd, const char *filename)
pos = 0;
current_id = 0;
len = dev_root->len;
- while (pos < (len - sizeof(struct bl_dev_id) + sizeof(unsigned char))) {
+
+ if (len < devid_len)
+ goto out;
+
+ while (pos < (len - devid_len)) {
dev_id = (struct bl_dev_id *)&(dev_root->data[pos]);
if ((dev_id->ids & 0xf) < current_id)
continue;
@@ -221,8 +226,7 @@ struct bl_serial *bldev_read_serial(int fd, const char *filename)
}
if (current_id == 3)
break;
- pos += (dev_id->len + sizeof(struct bl_dev_id) -
- sizeof(unsigned char));
+ pos += (dev_id->len + devid_len);
}
out:
if (!serial_out)
--
2.3.3
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] blkmapd: Make sure device root contains valid device id
2015-03-22 13:22 [PATCH] blkmapd: Make sure device root contains valid device id Kinglong Mee
@ 2015-03-25 8:42 ` Christoph Hellwig
2015-03-26 15:29 ` Steve Dickson
1 sibling, 0 replies; 3+ messages in thread
From: Christoph Hellwig @ 2015-03-25 8:42 UTC (permalink / raw)
To: Kinglong Mee; +Cc: Steve Dickson, rees, Linux NFS Mailing List
On Sun, Mar 22, 2015 at 09:22:59PM +0800, Kinglong Mee wrote:
> When testing pnfs in virtual linux based on VirtualBox,
> blkmapd gets dev_root->len == 0, which causes it Segmentation fault.
VirtualBox learly returns bogus values here, but it's always better to
be defensive, so:
Reviewed-by: Christoph Hellwig <hch@lst.de>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] blkmapd: Make sure device root contains valid device id
2015-03-22 13:22 [PATCH] blkmapd: Make sure device root contains valid device id Kinglong Mee
2015-03-25 8:42 ` Christoph Hellwig
@ 2015-03-26 15:29 ` Steve Dickson
1 sibling, 0 replies; 3+ messages in thread
From: Steve Dickson @ 2015-03-26 15:29 UTC (permalink / raw)
To: Kinglong Mee; +Cc: rees, Linux NFS Mailing List
On 03/22/2015 09:22 AM, Kinglong Mee wrote:
> When testing pnfs in virtual linux based on VirtualBox,
> blkmapd gets dev_root->len == 0, which causes it Segmentation fault.
>
> Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Committed...
steved.
> ---
> utils/blkmapd/device-inq.c | 10 +++++++---
> 1 file changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/utils/blkmapd/device-inq.c b/utils/blkmapd/device-inq.c
> index eabc70c..c5bf71f 100644
> --- a/utils/blkmapd/device-inq.c
> +++ b/utils/blkmapd/device-inq.c
> @@ -179,6 +179,7 @@ struct bl_serial *bldev_read_serial(int fd, const char *filename)
> char *buffer;
> struct bl_dev_id *dev_root, *dev_id;
> unsigned int pos, len, current_id = 0;
> + size_t devid_len = sizeof(struct bl_dev_id) - sizeof(unsigned char);
>
> status = bldev_inquire_pages(fd, 0x83, &buffer);
> if (status)
> @@ -189,7 +190,11 @@ struct bl_serial *bldev_read_serial(int fd, const char *filename)
> pos = 0;
> current_id = 0;
> len = dev_root->len;
> - while (pos < (len - sizeof(struct bl_dev_id) + sizeof(unsigned char))) {
> +
> + if (len < devid_len)
> + goto out;
> +
> + while (pos < (len - devid_len)) {
> dev_id = (struct bl_dev_id *)&(dev_root->data[pos]);
> if ((dev_id->ids & 0xf) < current_id)
> continue;
> @@ -221,8 +226,7 @@ struct bl_serial *bldev_read_serial(int fd, const char *filename)
> }
> if (current_id == 3)
> break;
> - pos += (dev_id->len + sizeof(struct bl_dev_id) -
> - sizeof(unsigned char));
> + pos += (dev_id->len + devid_len);
> }
> out:
> if (!serial_out)
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-03-26 15:29 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-03-22 13:22 [PATCH] blkmapd: Make sure device root contains valid device id Kinglong Mee
2015-03-25 8:42 ` Christoph Hellwig
2015-03-26 15:29 ` Steve Dickson
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.