mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-06 05:06:29 +00:00
block: make sure that bvec length can't be overflow
bvec->bv_offset may be bigger than PAGE_SIZE sometimes, such as,
when one bio is splitted in the middle of one bvec via bio_split(),
and bi_iter.bi_bvec_done is used to build offset of the 1st bvec of
remained bio. And the remained bio's bvec may be re-submitted to fs
layer via ITER_IBVEC, such as loop and nvme-loop.
So we have to make sure that every bvec's offset is less than
PAGE_SIZE from bio_for_each_segment_all() because some drivers(loop,
nvme-loop) passes the splitted bvec to fs layer via ITER_BVEC.
This patch fixes this issue reported by Zhang Yi When running nvme/011.
Cc: Christoph Hellwig <hch@lst.de>
Cc: Yi Zhang <yi.zhang@redhat.com>
Reported-by: Yi Zhang <yi.zhang@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Fixes: 6dc4f100c1
("block: allow bio_for_each_segment_all() to iterate over multi-page bvec")
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
This commit is contained in:
parent
b40fabc05e
commit
6bedf00e55
@ -160,8 +160,9 @@ static inline void bvec_advance(const struct bio_vec *bvec,
|
||||
bv->bv_page = nth_page(bv->bv_page, 1);
|
||||
bv->bv_offset = 0;
|
||||
} else {
|
||||
bv->bv_page = bvec->bv_page;
|
||||
bv->bv_offset = bvec->bv_offset;
|
||||
bv->bv_page = bvec_nth_page(bvec->bv_page, bvec->bv_offset /
|
||||
PAGE_SIZE);
|
||||
bv->bv_offset = bvec->bv_offset & ~PAGE_MASK;
|
||||
}
|
||||
bv->bv_len = min_t(unsigned int, PAGE_SIZE - bv->bv_offset,
|
||||
bvec->bv_len - iter_all->done);
|
||||
|
Loading…
Reference in New Issue
Block a user