All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] blkmapd: Make sure device root contains valid device id
@ 2015-03-22 13:22 Kinglong Mee
  2015-03-25  8:42 ` Christoph Hellwig
  2015-03-26 15:29 ` Steve Dickson
  0 siblings, 2 replies; 3+ messages in thread
From: Kinglong Mee @ 2015-03-22 13:22 UTC (permalink / raw)
  To: Steve Dickson; +Cc: rees, Linux NFS Mailing List

When testing pnfs in virtual linux based on VirtualBox,
blkmapd gets dev_root->len == 0, which causes it Segmentation fault.

Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
---
 utils/blkmapd/device-inq.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/utils/blkmapd/device-inq.c b/utils/blkmapd/device-inq.c
index eabc70c..c5bf71f 100644
--- a/utils/blkmapd/device-inq.c
+++ b/utils/blkmapd/device-inq.c
@@ -179,6 +179,7 @@ struct bl_serial *bldev_read_serial(int fd, const char *filename)
 	char *buffer;
 	struct bl_dev_id *dev_root, *dev_id;
 	unsigned int pos, len, current_id = 0;
+	size_t devid_len = sizeof(struct bl_dev_id) - sizeof(unsigned char);
 
 	status = bldev_inquire_pages(fd, 0x83, &buffer);
 	if (status)
@@ -189,7 +190,11 @@ struct bl_serial *bldev_read_serial(int fd, const char *filename)
 	pos = 0;
 	current_id = 0;
 	len = dev_root->len;
-	while (pos < (len - sizeof(struct bl_dev_id) + sizeof(unsigned char))) {
+
+	if (len < devid_len)
+		goto out;
+
+	while (pos < (len - devid_len)) {
 		dev_id = (struct bl_dev_id *)&(dev_root->data[pos]);
 		if ((dev_id->ids & 0xf) < current_id)
 			continue;
@@ -221,8 +226,7 @@ struct bl_serial *bldev_read_serial(int fd, const char *filename)
 		}
 		if (current_id == 3)
 			break;
-		pos += (dev_id->len + sizeof(struct bl_dev_id) -
-			sizeof(unsigned char));
+		pos += (dev_id->len + devid_len);
 	}
  out:
 	if (!serial_out)
-- 
2.3.3


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] blkmapd: Make sure device root contains valid device id
  2015-03-22 13:22 [PATCH] blkmapd: Make sure device root contains valid device id Kinglong Mee
@ 2015-03-25  8:42 ` Christoph Hellwig
  2015-03-26 15:29 ` Steve Dickson
  1 sibling, 0 replies; 3+ messages in thread
From: Christoph Hellwig @ 2015-03-25  8:42 UTC (permalink / raw)
  To: Kinglong Mee; +Cc: Steve Dickson, rees, Linux NFS Mailing List

On Sun, Mar 22, 2015 at 09:22:59PM +0800, Kinglong Mee wrote:
> When testing pnfs in virtual linux based on VirtualBox,
> blkmapd gets dev_root->len == 0, which causes it Segmentation fault.

VirtualBox learly returns bogus values here, but it's always better to
be defensive, so:

Reviewed-by: Christoph Hellwig <hch@lst.de>

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] blkmapd: Make sure device root contains valid device id
  2015-03-22 13:22 [PATCH] blkmapd: Make sure device root contains valid device id Kinglong Mee
  2015-03-25  8:42 ` Christoph Hellwig
@ 2015-03-26 15:29 ` Steve Dickson
  1 sibling, 0 replies; 3+ messages in thread
From: Steve Dickson @ 2015-03-26 15:29 UTC (permalink / raw)
  To: Kinglong Mee; +Cc: rees, Linux NFS Mailing List



On 03/22/2015 09:22 AM, Kinglong Mee wrote:
> When testing pnfs in virtual linux based on VirtualBox,
> blkmapd gets dev_root->len == 0, which causes it Segmentation fault.
> 
> Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Committed...

steved.

> ---
>  utils/blkmapd/device-inq.c | 10 +++++++---
>  1 file changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/utils/blkmapd/device-inq.c b/utils/blkmapd/device-inq.c
> index eabc70c..c5bf71f 100644
> --- a/utils/blkmapd/device-inq.c
> +++ b/utils/blkmapd/device-inq.c
> @@ -179,6 +179,7 @@ struct bl_serial *bldev_read_serial(int fd, const char *filename)
>  	char *buffer;
>  	struct bl_dev_id *dev_root, *dev_id;
>  	unsigned int pos, len, current_id = 0;
> +	size_t devid_len = sizeof(struct bl_dev_id) - sizeof(unsigned char);
>  
>  	status = bldev_inquire_pages(fd, 0x83, &buffer);
>  	if (status)
> @@ -189,7 +190,11 @@ struct bl_serial *bldev_read_serial(int fd, const char *filename)
>  	pos = 0;
>  	current_id = 0;
>  	len = dev_root->len;
> -	while (pos < (len - sizeof(struct bl_dev_id) + sizeof(unsigned char))) {
> +
> +	if (len < devid_len)
> +		goto out;
> +
> +	while (pos < (len - devid_len)) {
>  		dev_id = (struct bl_dev_id *)&(dev_root->data[pos]);
>  		if ((dev_id->ids & 0xf) < current_id)
>  			continue;
> @@ -221,8 +226,7 @@ struct bl_serial *bldev_read_serial(int fd, const char *filename)
>  		}
>  		if (current_id == 3)
>  			break;
> -		pos += (dev_id->len + sizeof(struct bl_dev_id) -
> -			sizeof(unsigned char));
> +		pos += (dev_id->len + devid_len);
>  	}
>   out:
>  	if (!serial_out)
> 

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-03-26 15:29 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-03-22 13:22 [PATCH] blkmapd: Make sure device root contains valid device id Kinglong Mee
2015-03-25  8:42 ` Christoph Hellwig
2015-03-26 15:29 ` Steve Dickson

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.