[PATCH] CA-392151: fix nfs gup uninitialized iov_offset defect

From: Chunjie Zhu
Date: Mon Aug 05 2024 - 03:59:50 EST

Next message: Ricardo Ribalda: "[PATCH] media: siano: Simplify smscore_load_firmware_from_file"
Previous message: Yuan Yao: "Re: [RFC PATCH 9/9] KVM: x86/mmu: Track SPTE accessed info across mmu_notifier PROT changes"
Next in thread: Al Viro: "Re: [PATCH] CA-392151: fix nfs gup uninitialized iov_offset defect"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

nfs aio code path, iov_offset is not initialized before used

nfs aio function call graph,
io_submit
aio_read
aio_setup_rw
import_single_range
iov_iter_ubuf # do not initialize iov_offset
call_read_iter
nfs_file_read
nfs_file_direct_read
nfs_direct_read_schedule_iovec
iov_iter_get_pages_alloc2
__iov_iter_get_pages_alloc
first_iovec_segment # iov_offset is used, not initialized

Signed-off-by: Chunjie Zhu <chunjie.zhu@xxxxxxxxx>
---
include/linux/uio.h | 1 +
1 file changed, 1 insertion(+)

diff --git a/include/linux/uio.h b/include/linux/uio.h
index 42bce38a8e87..2121424204c2 100644
--- a/include/linux/uio.h
+++ b/include/linux/uio.h
@@ -386,6 +386,7 @@ static inline void iov_iter_ubuf(struct iov_iter *i, unsigned int direction,
.user_backed = true,
.data_source = direction,
.ubuf = buf,
+ .iov_offset = 0,
.count = count,
.nr_segs = 1
};
--
2.34.1

Next message: Ricardo Ribalda: "[PATCH] media: siano: Simplify smscore_load_firmware_from_file"
Previous message: Yuan Yao: "Re: [RFC PATCH 9/9] KVM: x86/mmu: Track SPTE accessed info across mmu_notifier PROT changes"
Next in thread: Al Viro: "Re: [PATCH] CA-392151: fix nfs gup uninitialized iov_offset defect"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]