Date: Fri, 18 Jun 2021 21:49:10 GMT From: "Bjoern A. Zeeb" <bz@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: edfcdffefc16 - main - LinuxKPI: fix sg_pcopy_from_buffer() Message-ID: <202106182149.15ILnAm1069292@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by bz: URL: https://cgit.FreeBSD.org/src/commit/?id=edfcdffefc1671b7688c8806ae1f59484954dcc7 commit edfcdffefc1671b7688c8806ae1f59484954dcc7 Author: Bjoern A. Zeeb <bz@FreeBSD.org> AuthorDate: 2021-06-07 15:00:19 +0000 Commit: Bjoern A. Zeeb <bz@FreeBSD.org> CommitDate: 2021-06-18 21:20:10 +0000 LinuxKPI: fix sg_pcopy_from_buffer() In sg_pcopy_from_buffer() is an error in that skip can underflow and lead to bogus page arithmetics which may lead to memory corruption or more likely panics. Once we found a s/g page to copy into there is nothing to skip anymore so simply set skip to 0. Sponsored by: The FreeBSD Foundation MFC after: 5 days Reviewed by: hselasky Differential Revision: https://reviews.freebsd.org/D30676 --- sys/compat/linuxkpi/common/include/linux/scatterlist.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/compat/linuxkpi/common/include/linux/scatterlist.h b/sys/compat/linuxkpi/common/include/linux/scatterlist.h index ebf0632f6f58..5e42876facd0 100644 --- a/sys/compat/linuxkpi/common/include/linux/scatterlist.h +++ b/sys/compat/linuxkpi/common/include/linux/scatterlist.h @@ -520,12 +520,13 @@ sg_pcopy_from_buffer(struct scatterlist *sgl, unsigned int nents, memcpy(p, b, len); sf_buf_free(sf); + /* We copied so nothing more to skip. */ + skip = 0; copied += len; /* Either we exactly filled the page, or we are done. */ buflen -= len; if (buflen == 0) break; - skip -= len; b += len; } sched_unpin();
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202106182149.15ILnAm1069292>