• D
    block: guard bvec iteration logic · b1fb2c52
    Dmitry Monakhov 提交于
    Currently if some one try to advance bvec beyond it's size we simply
    dump WARN_ONCE and continue to iterate beyond bvec array boundaries.
    This simply means that we endup dereferencing/corrupting random memory
    region.
    
    Sane reaction would be to propagate error back to calling context
    But bvec_iter_advance's calling context is not always good for error
    handling. For safity reason let truncate iterator size to zero which
    will break external iteration loop which prevent us from unpredictable
    memory range corruption. And even it caller ignores an error, it will
    corrupt it's own bvecs, not others.
    
    This patch does:
    - Return error back to caller with hope that it will react on this
    - Truncate iterator size
    
    Code was added long time ago here 4550dd6c, luckily no one hit it
    in real life :)
    Signed-off-by: NDmitry Monakhov <dmonakhov@openvz.org>
    Reviewed-by: NMing Lei <ming.lei@redhat.com>
    Reviewed-by: NMartin K. Petersen <martin.petersen@oracle.com>
    [hch: switch to true/false returns instead of errno values]
    Signed-off-by: NChristoph Hellwig <hch@lst.de>
    Signed-off-by: NJens Axboe <axboe@kernel.dk>
    b1fb2c52
bio.h 20.1 KB