From: Naohiro Aota <naohiro.aota@wdc.com>
To: Qu Wenruo <quwenruo.btrfs@gmx.com>
Cc: Nikolay Borisov <nborisov@suse.com>,
linux-btrfs@vger.kernel.org, David Sterba <dsterba@suse.com>
Subject: Re: [PATCH] btrfs: fix extent buffer read/write range checks
Date: Fri, 26 Jul 2019 17:15:18 +0900 [thread overview]
Message-ID: <20190726081518.ilukyrpdsrioiq36@naota.dhcp.fujisawa.hgst.com> (raw)
In-Reply-To: <71f0399e-0719-ca8c-cb7b-aba5de5d0c5a@gmx.com>
On Fri, Jul 26, 2019 at 02:36:10PM +0800, Qu Wenruo wrote:
>
>
>On 2019/7/26 下午2:13, Naohiro Aota wrote:
>> On Fri, Jul 26, 2019 at 08:38:27AM +0300, Nikolay Borisov wrote:
>>>
>>>
>>> On 26.07.19 г. 8:27 ч., Naohiro Aota wrote:
>>>> Several functions to read/write an extent buffer check if specified
>>>> offset
>>>> range resides in the size of the extent buffer. However, those checks
>>>> have
>>>> two problems:
>>>>
>>>> (1) they don't catch "start == eb->len" case.
>>>> (2) it checks offset in extent buffer against logical address using
>>>> eb->start.
>>>>
>>>> Generally, eb->start is much larger than the offset, so the second
>>>> WARN_ON
>>>> was almost useless.
>>>>
>>>> Fix these problems in read_extent_buffer_to_user(),
>>>> {memcmp,write,memzero}_extent_buffer().
>>>>
>>>> Signed-off-by: Naohiro Aota <naohiro.aota@wdc.com>
>>>
>>> Qu already sent similar patch:
>>>
>>> [PATCH v2 1/5] btrfs: extent_io: Do extra check for extent buffer read
>>> write functions
>>>
>>>
>>> He centralised the checking code, your >= fixes though should be merged
>>> there.
>>
>> Oops, I missed that series. Thank you for pointing out. Then, this
>> should be merged into Qu's version.
>>
>> Qu, could you pick the change from "start > eb->len" to "start >= eb->len"?
>
> start >= eb->len is not always invalid.
>
> start == eb->len while len == 0 is still valid.
Correct.
But then, we can even say "start > eb->len" is valid if len == 0?
> Or should we also warn such bad practice?
Maybe...
Or how about let the callers bailing out by e.g. "if (!len) return 1;"
in the check function?
Regards,
Naohiro
next prev parent reply other threads:[~2019-07-26 8:15 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-26 5:27 [PATCH] btrfs: fix extent buffer read/write range checks Naohiro Aota
2019-07-26 5:38 ` Nikolay Borisov
2019-07-26 6:13 ` Naohiro Aota
2019-07-26 6:36 ` Qu Wenruo
2019-07-26 8:15 ` Naohiro Aota [this message]
2019-07-26 8:26 ` Qu Wenruo
2019-07-29 5:07 ` Qu Wenruo
2019-07-29 6:46 ` Nikolay Borisov
2019-07-29 6:54 ` Qu Wenruo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190726081518.ilukyrpdsrioiq36@naota.dhcp.fujisawa.hgst.com \
--to=naohiro.aota@wdc.com \
--cc=dsterba@suse.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=nborisov@suse.com \
--cc=quwenruo.btrfs@gmx.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).