* [PATCH] scsi_debug: Fix off-by-one bug when unmapping region
@ 2012-08-16 14:38 Lukas Czerner
  2012-08-17 16:11 ` Martin K. Petersen
  0 siblings, 1 reply; 5+ messages in thread
From: Lukas Czerner @ 2012-08-16 14:38 UTC (permalink / raw)
  To: linux-scsi; +Cc: JBottomley, tytso, pbonzini, linux-kernel, Lukas Czerner

Currently it is possible to unmap one more block than the user requested
due to the off-by-one error in unmap_region(). This is probably due to
the fact that the end variable, despite its name, actually points to the
last block to unmap + 1. However, in the condition it is handled as the
last block of the region to unmap.

The bug was not previously spotted, probably due to the fact that the
region was not zeroed, which has changed with commit
be1dd78de5686c062bb3103f9e86d444a10ed783. With that commit we were able
to corrupt the ext4 file system on a 256M scsi_debug device with LBPRZ
enabled using fstrim.

Since the 'end' semantics are the same in several functions there, this
commit just fixes the condition to use the 'end' variable correctly in
that context.

Reported-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
---
 drivers/scsi/scsi_debug.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c
index 182d5a5..f4cc413 100644
--- a/drivers/scsi/scsi_debug.c
+++ b/drivers/scsi/scsi_debug.c
@@ -2054,7 +2054,7 @@ static void unmap_region(sector_t lba, unsigned int len)
 		block = lba + alignment;
 		rem = do_div(block, granularity);
 
-		if (rem == 0 && lba + granularity <= end && block < map_size) {
+		if (rem == 0 && lba + granularity < end && block < map_size) {
 			clear_bit(block, map_storep);
 			if (scsi_debug_lbprz)
 				memset(fake_storep +
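Review bot: The changed comparison looks like it turns an over-unmap into an under-unmap rather than fixing the root cause. With `end` exclusive (last block to unmap + 1, as the commit message says), a granule starting at `lba` lies entirely inside the region exactly when `lba + granularity <= end`, so the old test already rejected any granule overrunning the region; the new `lba + granularity < end` additionally rejects a granule that ends exactly at `end`, so a request of lba=0, len=granularity (aligned) would clear nothing, and any region ending on a granule boundary keeps its last granule mapped. Please trace that case by hand before merging, and check whether the extra block observed with LBPRZ comes instead from the `memset(fake_storep + ...)` immediately below, whose offset and length are not shown in the hunk: the bitmap is indexed by `block` (the granule number after do_div), whereas the backing store should be addressed by `lba * sector_size` for `granularity` sectors, and mixing those two units would zero the wrong bytes without touching the comparison at all.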
-- 
1.7.7.6



* Re: [PATCH] scsi_debug: Fix off-by-one bug when unmapping region
  2012-08-16 14:38 [PATCH] scsi_debug: Fix off-by-one bug when unmapping region Lukas Czerner
@ 2012-08-17 16:11 ` Martin K. Petersen
  2012-09-05 19:35   ` Lukáš Czerner
  2012-09-05 19:41   ` Douglas Gilbert
  0 siblings, 2 replies; 5+ messages in thread
From: Martin K. Petersen @ 2012-08-17 16:11 UTC (permalink / raw)
  To: Lukas Czerner; +Cc: linux-scsi, JBottomley, tytso, pbonzini, linux-kernel

>>>>> "Lukas" == Lukas Czerner <lczerner@redhat.com> writes:

Lukas> Currently it is possible to unmap one more block than user
Lukas> requested to due to the off-by-one error in unmap_region(). This
Lukas> is probably due to the fact that the end variable despite its
Lukas> name actually points to the last block to unmap + 1. However in
Lukas> the condition it is handled as the last block of the region to
Lukas> unmap.

Acked-by: Martin K. Petersen <martin.petersen@oracle.com>

-- 
Martin K. Petersen	Oracle Linux Engineering


* Re: [PATCH] scsi_debug: Fix off-by-one bug when unmapping region
  2012-08-17 16:11 ` Martin K. Petersen
@ 2012-09-05 19:35   ` Lukáš Czerner
  2012-09-05 19:41   ` Douglas Gilbert
  1 sibling, 0 replies; 5+ messages in thread
From: Lukáš Czerner @ 2012-09-05 19:35 UTC (permalink / raw)
  To: Martin K. Petersen
  Cc: Lukas Czerner, linux-scsi, JBottomley, tytso, pbonzini, linux-kernel

On Fri, 17 Aug 2012, Martin K. Petersen wrote:

> Date: Fri, 17 Aug 2012 12:11:50 -0400
> From: Martin K. Petersen <martin.petersen@oracle.com>
> To: Lukas Czerner <lczerner@redhat.com>
> Cc: linux-scsi@vger.kernel.org, JBottomley@parallels.com, tytso@mit.edu,
>     pbonzini@redhat.com, linux-kernel@vger.kernel.org
> Subject: Re: [PATCH] scsi_debug: Fix off-by-one bug when unmapping region
> 
> >>>>> "Lukas" == Lukas Czerner <lczerner@redhat.com> writes:
> 
> Lukas> Currently it is possible to unmap one more block than user
> Lukas> requested to due to the off-by-one error in unmap_region(). This
> Lukas> is probably due to the fact that the end variable despite its
> Lukas> name actually points to the last block to unmap + 1. However in
> Lukas> the condition it is handled as the last block of the region to
> Lukas> unmap.
> 
> Acked-by: Martin K. Petersen <martin.petersen@oracle.com>
> 

I am still not seeing it anywhere; is this going in any time soon?

Thanks!
-Lukas


* Re: [PATCH] scsi_debug: Fix off-by-one bug when unmapping region
  2012-08-17 16:11 ` Martin K. Petersen
  2012-09-05 19:35   ` Lukáš Czerner
@ 2012-09-05 19:41   ` Douglas Gilbert
  2012-10-03 13:46     ` Lukáš Czerner
  1 sibling, 1 reply; 5+ messages in thread
From: Douglas Gilbert @ 2012-09-05 19:41 UTC (permalink / raw)
  To: Martin K. Petersen
  Cc: Lukas Czerner, linux-scsi, JBottomley, tytso, pbonzini, linux-kernel

On 12-08-17 12:11 PM, Martin K. Petersen wrote:
>>>>>> "Lukas" == Lukas Czerner <lczerner@redhat.com> writes:
>
> Lukas> Currently it is possible to unmap one more block than user
> Lukas> requested to due to the off-by-one error in unmap_region(). This
> Lukas> is probably due to the fact that the end variable despite its
> Lukas> name actually points to the last block to unmap + 1. However in
> Lukas> the condition it is handled as the last block of the region to
> Lukas> unmap.
>
> Acked-by: Martin K. Petersen <martin.petersen@oracle.com>

Acked-by: Douglas Gilbert <dgilbert@interlog.com>


* Re: [PATCH] scsi_debug: Fix off-by-one bug when unmapping region
  2012-09-05 19:41   ` Douglas Gilbert
@ 2012-10-03 13:46     ` Lukáš Czerner
  0 siblings, 0 replies; 5+ messages in thread
From: Lukáš Czerner @ 2012-10-03 13:46 UTC (permalink / raw)
  To: Douglas Gilbert
  Cc: Martin K. Petersen, Lukas Czerner, linux-scsi, JBottomley, linux-kernel

On Wed, 5 Sep 2012, Douglas Gilbert wrote:

> Date: Wed, 05 Sep 2012 15:41:13 -0400
> From: Douglas Gilbert <dgilbert@interlog.com>
> To: Martin K. Petersen <martin.petersen@oracle.com>
> Cc: Lukas Czerner <lczerner@redhat.com>, linux-scsi@vger.kernel.org,
>     JBottomley@parallels.com, tytso@mit.edu, pbonzini@redhat.com,
>     linux-kernel@vger.kernel.org
> Subject: Re: [PATCH] scsi_debug: Fix off-by-one bug when unmapping region
> 
> On 12-08-17 12:11 PM, Martin K. Petersen wrote:
> > > > > > > "Lukas" == Lukas Czerner <lczerner@redhat.com> writes:
> > 
> > Lukas> Currently it is possible to unmap one more block than user
> > Lukas> requested to due to the off-by-one error in unmap_region(). This
> > Lukas> is probably due to the fact that the end variable despite its
> > Lukas> name actually points to the last block to unmap + 1. However in
> > Lukas> the condition it is handled as the last block of the region to
> > Lukas> unmap.
> > 
> > Acked-by: Martin K. Petersen <martin.petersen@oracle.com>
> 
> Acked-by: Douglas Gilbert <dgilbert@interlog.com>

James, could you please pick this one?

Thanks!
-Lukas
