[PATCH RESEND] btrfs: Change iov_iter_alignment_iovec to check iovec count before accesses an iovec

From: Dennis Lam
Date: Sun Jul 21 2024 - 16:59:01 EST

Next message: Artem S. Tashkinov: "Linux 6.10 regression resulting in a crash when using an ext4 filesystem"
Previous message: Waiman Long: "Re: [PATCH] locking/pvqspinlock: Correct the type of "old" variable in pv_kick_node()"
In reply to: Dennis Lam: "[PATCH] btrfs: Change iov_iter_alignment_iovec to check iovec count before accesses an iovec"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

When checking iov_iter_alignment_iovec for valid read and the iovec is empty,
the function still tries to iterate non-existant values. In this case, the iov
variable is empty and attempting to use iov->iov_len causes a kernel crash.

This patch fixes this by checking the size of the iovec before iterating.

Resent this patch in thread because one of the emails I pasted was wrong.

Signed-off-by: Dennis Lam <dennis.lamerice@xxxxxxxxx>
---
lib/iov_iter.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/iov_iter.c b/lib/iov_iter.c
index 4a6a9f419bd7..2d82ecf1b622 100644
--- a/lib/iov_iter.c
+++ b/lib/iov_iter.c
@@ -783,7 +783,7 @@ static unsigned long iov_iter_alignment_iovec(const struct iov_iter *i)
size_t size = i->count;
size_t skip = i->iov_offset;

- do {
+ while(size) {
size_t len = iov->iov_len - skip;
if (len) {
res |= (unsigned long)iov->iov_base + skip;
@@ -794,7 +794,7 @@ static unsigned long iov_iter_alignment_iovec(const struct iov_iter *i)
}
iov++;
skip = 0;
- } while (size);
+ }
return res;
}

--
2.45.2

Next message: Artem S. Tashkinov: "Linux 6.10 regression resulting in a crash when using an ext4 filesystem"
Previous message: Waiman Long: "Re: [PATCH] locking/pvqspinlock: Correct the type of "old" variable in pv_kick_node()"
In reply to: Dennis Lam: "[PATCH] btrfs: Change iov_iter_alignment_iovec to check iovec count before accesses an iovec"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]