On 22.06.2021 13:55, Vasily Averin wrote:
vz7 patch "fs/ceph: honor kernel direct aio changes v2" incorrectly
changed the dio_get_pagev_size() function. Now it does not check the end of
the iovec array and accesses memory beyond its end.

This patch restores the original behaviour.
https://jira.sw.ru/browse/PSBM-130693
Fixes: ff1e3991a9c2("fs/ceph: honor kernel direct aio changes v2")
Signed-off-by: Vasily Averin <v...@virtuozzo.com>
---
  fs/ceph/file.c | 8 +++-----
  1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/fs/ceph/file.c b/fs/ceph/file.c
index 4302940..8be9868 100644
--- a/fs/ceph/file.c
+++ b/fs/ceph/file.c
@@ -75,7 +75,7 @@ static __le32 ceph_flags_sys2wire(u32 flags)
  static size_t dio_get_pagev_size(const struct iov_iter *it)
  {
      const struct iovec *iov = iov_iter_iovec(it);
-    size_t total = iov_iter_count(it);
+    const struct iovec *iovend = iov + it->nr_segs;
      size_t size;
size = iov->iov_len - it->iov_offset;
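Review bot: the new `const struct iovec *iovend = iov + it->nr_segs;` is the only guard that replaces the removed `total` countdown, so it is correct only if `it->nr_segs` counts the segments remaining from the `iov` returned by `iov_iter_iovec(it)` onward, not from the start of the original user array; if the iterator had been advanced without `nr_segs` being decremented in step with `iov`, the loop below would still walk past the end. A one-line comment on `iovend` stating that assumption, and a check that the vz7 `iov_iter_advance()` keeps `iov` and `nr_segs` in sync, would make the bound explicit. Also note that the trailing context line `size = iov->iov_len - it->iov_offset;` appears here without its leading whitespace, which looks like mangling in transit rather than in the tree; worth confirming the patch applies cleanly.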
@@ -84,10 +84,8 @@ static size_t dio_get_pagev_size(const struct iov_iter *it)
       * and the next base are page aligned.
       */
      while (PAGE_ALIGNED((iov->iov_base + iov->iov_len)) &&
-           PAGE_ALIGNED(((iov++)->iov_base))) {
-           size_t n =  min(iov->iov_len, total);
-           size += n;
-           total -= n;
+           (++iov < iovend && PAGE_ALIGNED((iov->iov_base)))) {
+        size += iov->iov_len;
      }
      dout("dio_get_pagevlen len = %zu\n", size);
      return size;
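Review bot: with `total` gone, the loop now adds the full `iov->iov_len` of every page-aligned segment and never clamps to `iov_iter_count(it)`, so for an iterator whose byte count was truncated below the sum of its segment lengths the returned `size` can exceed what the caller actually asked for; if that is the intended pre-vz7 behaviour a short comment saying so would help, otherwise a final `size = min(size, iov_iter_count(it));` before the `dout()` keeps the restored bound check and the old clamp together. Separately, the new condition depends on `&&` short-circuit evaluation so that `++iov < iovend` is tested before `PAGE_ALIGNED((iov->iov_base))` dereferences the advanced pointer; that ordering is what fixes the out-of-bounds read and should not be reordered in later edits.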


The patch looks good to me.

Even with the fix, ceph does not seem stable enough in VZ7 to be production-ready but that is a different story.

Reviewed-by: Evgenii Shatokhin <eshatok...@virtuozzo.com>

_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel
