Re: [PATCH v2] fs/ceph/file: fix buffer overflow in __ceph_sync_read()

From: Max Kellermann
Date: Wed Nov 27 2024 - 15:43:58 EST

Next message: Jann Horn: "Re: bcachefs: suspicious mm pointer in struct dio_write"
Previous message: Alex Markuze: "Re: [PATCH v2] fs/ceph/file: fix buffer overflow in __ceph_sync_read()"
In reply to: Alex Markuze: "Re: [PATCH v2] fs/ceph/file: fix buffer overflow in __ceph_sync_read()"
Next in thread: Alex Markuze: "Re: [PATCH v2] fs/ceph/file: fix buffer overflow in __ceph_sync_read()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Nov 27, 2024 at 9:40 PM Alex Markuze <amarkuze@xxxxxxxxxx> wrote:
> There is a fix for this proposed by Luis.

On the private security mailing list, I wrote about it:
"This patch is incomplete because it only checks for i_size==0.
Truncation to zero is the most common case, but any situation where
offset is suddenly larger than the new size triggers this bug."

I think my patch is better.

Next message: Jann Horn: "Re: bcachefs: suspicious mm pointer in struct dio_write"
Previous message: Alex Markuze: "Re: [PATCH v2] fs/ceph/file: fix buffer overflow in __ceph_sync_read()"
In reply to: Alex Markuze: "Re: [PATCH v2] fs/ceph/file: fix buffer overflow in __ceph_sync_read()"
Next in thread: Alex Markuze: "Re: [PATCH v2] fs/ceph/file: fix buffer overflow in __ceph_sync_read()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]