• E
    iomap: don't search past page end in iomap_is_partially_uptodate · 3cc31fa6
    Eric Sandeen 提交于
    iomap_is_partially_uptodate() is intended to check wither blocks within
    the selected range of a not-uptodate page are uptodate; if the range we
    care about is up to date, it's an optimization.
    
    However, the iomap implementation continues to check all blocks up to
    from+count, which is beyond the page, and can even be well beyond the
    iop->uptodate bitmap.
    
    I think the worst that will happen is that we may eventually find a zero
    bit and return "not partially uptodate" when it would have otherwise
    returned true, and skip the optimization.  Still, it's clearly an invalid
    memory access that must be fixed.
    
    So: fix this by limiting the search to within the page as is done in the
    non-iomap variant, block_is_partially_uptodate().
    
    Zorro noticed thiswhen KASAN went off for 512 byte blocks on a 64k
    page system:
    
     BUG: KASAN: slab-out-of-bounds in iomap_is_partially_uptodate+0x1a0/0x1e0
     Read of size 8 at addr ffff800120c3a318 by task fsstress/22337
    Reported-by: NZorro Lang <zlang@redhat.com>
    Signed-off-by: NEric Sandeen <sandeen@redhat.com>
    Signed-off-by: NEric Sandeen <sandeen@sandeen.net>
    Reviewed-by: NDarrick J. Wong <darrick.wong@oracle.com>
    Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
    3cc31fa6
iomap.c 53.4 KB