
blkmapd: Make sure device root contains valid device id

Message ID 550EC233.9090908@gmail.com (mailing list archive)
State New, archived

Commit Message

Kinglong Mee March 22, 2015, 1:22 p.m. UTC
When testing pnfs in virtual linux based on VirtualBox,
blkmapd gets dev_root->len == 0, which causes a segmentation fault.

Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
---
 utils/blkmapd/device-inq.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

Comments

Christoph Hellwig March 25, 2015, 8:42 a.m. UTC | #1
On Sun, Mar 22, 2015 at 09:22:59PM +0800, Kinglong Mee wrote:
> When testing pnfs in virtual linux based on VirtualBox,
> blkmapd gets dev_root->len == 0, which causes it Segmentation fault.

VirtualBox clearly returns bogus values here, but it's always better to
be defensive, so:

Reviewed-by: Christoph Hellwig <hch@lst.de>
Steve Dickson March 26, 2015, 3:29 p.m. UTC | #2
On 03/22/2015 09:22 AM, Kinglong Mee wrote:
> When testing pnfs in virtual linux based on VirtualBox,
> blkmapd gets dev_root->len == 0, which causes it Segmentation fault.
> 
> Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Committed...

steved.

> ---
>  utils/blkmapd/device-inq.c | 10 +++++++---
>  1 file changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/utils/blkmapd/device-inq.c b/utils/blkmapd/device-inq.c
> index eabc70c..c5bf71f 100644
> --- a/utils/blkmapd/device-inq.c
> +++ b/utils/blkmapd/device-inq.c
> @@ -179,6 +179,7 @@ struct bl_serial *bldev_read_serial(int fd, const char *filename)
>  	char *buffer;
>  	struct bl_dev_id *dev_root, *dev_id;
>  	unsigned int pos, len, current_id = 0;
> +	size_t devid_len = sizeof(struct bl_dev_id) - sizeof(unsigned char);
>  
>  	status = bldev_inquire_pages(fd, 0x83, &buffer);
>  	if (status)
> @@ -189,7 +190,11 @@ struct bl_serial *bldev_read_serial(int fd, const char *filename)
>  	pos = 0;
>  	current_id = 0;
>  	len = dev_root->len;
> -	while (pos < (len - sizeof(struct bl_dev_id) + sizeof(unsigned char))) {
> +
> +	if (len < devid_len)
> +		goto out;
> +
> +	while (pos < (len - devid_len)) {
>  		dev_id = (struct bl_dev_id *)&(dev_root->data[pos]);
>  		if ((dev_id->ids & 0xf) < current_id)
>  			continue;
> @@ -221,8 +226,7 @@ struct bl_serial *bldev_read_serial(int fd, const char *filename)
>  		}
>  		if (current_id == 3)
>  			break;
> -		pos += (dev_id->len + sizeof(struct bl_dev_id) -
> -			sizeof(unsigned char));
> +		pos += (dev_id->len + devid_len);
>  	}
>   out:
>  	if (!serial_out)
> 

Patch

diff --git a/utils/blkmapd/device-inq.c b/utils/blkmapd/device-inq.c
index eabc70c..c5bf71f 100644
--- a/utils/blkmapd/device-inq.c
+++ b/utils/blkmapd/device-inq.c
@@ -179,6 +179,7 @@  struct bl_serial *bldev_read_serial(int fd, const char *filename)
 	char *buffer;
 	struct bl_dev_id *dev_root, *dev_id;
 	unsigned int pos, len, current_id = 0;
+	size_t devid_len = sizeof(struct bl_dev_id) - sizeof(unsigned char);
 
 	status = bldev_inquire_pages(fd, 0x83, &buffer);
 	if (status)
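Review bot: `devid_len` is computed as `sizeof(struct bl_dev_id) - sizeof(unsigned char)`, which equals the descriptor header size only if the struct ends in a one-byte `data[1]` placeholder with no trailing padding; the struct definition is not part of this diff, so that should be confirmed. `size_t devid_len = offsetof(struct bl_dev_id, data);` (with `<stddef.h>`) states the intent directly and stays correct however the trailing member is declared. A short comment such as `/* bytes in a bl_dev_id header, before data[] */` would also help, since this value now drives both the length guard and the loop stride. The function body starts and ends outside the hunk.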
@@ -189,7 +190,11 @@  struct bl_serial *bldev_read_serial(int fd, const char *filename)
 	pos = 0;
 	current_id = 0;
 	len = dev_root->len;
-	while (pos < (len - sizeof(struct bl_dev_id) + sizeof(unsigned char))) {
+
+	if (len < devid_len)
+		goto out;
+
+	while (pos < (len - devid_len)) {
 		dev_id = (struct bl_dev_id *)&(dev_root->data[pos]);
 		if ((dev_id->ids & 0xf) < current_id)
 			continue;
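Review bot: Each descriptor's `dev_id->len` is still taken from the device without a check that it fits in the rest of the page, even with the new `if (len < devid_len) goto out;` guard in place. The loop condition only guarantees that a descriptor header starts before `len - devid_len`, so whatever reads the descriptor's data further down the loop (outside this hunk) could run past `len`. Adding `if (dev_id->len > len - devid_len - pos) goto out;` right after the `dev_id = ...` assignment would bound it. Separately, nothing visible here compares `len` with the number of bytes bldev_inquire_pages() actually placed in `buffer`; that function is not shown, so this is worth confirming.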
@@ -221,8 +226,7 @@  struct bl_serial *bldev_read_serial(int fd, const char *filename)
 		}
 		if (current_id == 3)
 			break;
-		pos += (dev_id->len + sizeof(struct bl_dev_id) -
-			sizeof(unsigned char));
+		pos += (dev_id->len + devid_len);
 	}
  out:
 	if (!serial_out)
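Review bot: The `continue` in the previous hunk (`if ((dev_id->ids & 0xf) < current_id) continue;`) skips this `pos += (dev_id->len + devid_len);`, so once `current_id` is non-zero a descriptor with a lower `ids & 0xf` value would be re-read forever. The code between the two hunks is not shown, so this assumes `current_id` is raised there and `pos` is advanced nowhere else. Advancing before skipping avoids the spin: `if ((dev_id->ids & 0xf) < current_id) { pos += dev_id->len + devid_len; continue; }`. Since the page contents come from the device, a hang here is reachable with the same kind of malformed input this commit guards against.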