[PATCH] uml: ubd can access uninitialized memory
From: Steve VanDeBogart
Date: Fri Aug 29 2008 - 19:26:44 EST
ubd_kern.c:do_io() may access uninitialized memory and divide requests
into smaller chunks than necessary. Found with Valgrind.
Signed-off-by: Steve VanDeBogart <vandebo-lkml@xxxxxxxxxxx>
---
Index: linux-2.6.27-rc5/arch/um/drivers/ubd_kern.c
===================================================================
--- linux-2.6.27-rc5.orig/arch/um/drivers/ubd_kern.c 2008-08-29 15:50:19.000000000 -0700
+++ linux-2.6.27-rc5/arch/um/drivers/ubd_kern.c 2008-08-29 15:51:48.000000000 -0700
@@ -1218,8 +1218,7 @@
struct ubd *ubd_dev = disk->private_data;
io_req->req = req;
- io_req->fds[0] = (ubd_dev->cow.file != NULL) ? ubd_dev->cow.fd :
- ubd_dev->fd;
+ io_req->fds[0] = (ubd_dev->cow.file == NULL) ? -1 : ubd_dev->cow.fd;
io_req->fds[1] = ubd_dev->fd;
io_req->cow_offset = -1;
io_req->offset = offset;
@@ -1374,12 +1373,18 @@
nsectors = req->length / req->sectorsize;
start = 0;
do {
- bit = ubd_test_bit(start, (unsigned char *) &req->sector_mask);
- end = start;
- while((end < nsectors) &&
- (ubd_test_bit(end, (unsigned char *)
- &req->sector_mask) == bit))
- end++;
+ if (req->fds[0] == -1) {
+ bit = 1;
+ end = nsectors;
+ } else {
+ bit = ubd_test_bit(start,
+ (unsigned char *) &req->sector_mask);
+ end = start;
+ while ((end < nsectors) &&
+ (ubd_test_bit(end, (unsigned char *)
+ &req->sector_mask) == bit))
+ end++;
+ }
off = req->offset + req->offsets[bit] +
start * req->sectorsize;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/