[RFC PATCH v1 6/8] zram: avoid access beyond the zram device

Jiang Liu Mon, 03 Jun 2013 08:47:22 -0700

Function valid_io_request() should verify the entire request doesn't
exceed the zram device, otherwise it will cause invalid memory access.


Signed-off-by: Jiang Liu <jiang....@huawei.com>
---
 drivers/staging/zram/zram_drv.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/staging/zram/zram_drv.c b/drivers/staging/zram/zram_drv.c
index 66cf28a..64b51b9 100644
--- a/drivers/staging/zram/zram_drv.c
+++ b/drivers/staging/zram/zram_drv.c
@@ -428,6 +428,10 @@ static inline int valid_io_request(struct zram *zram, 
struct bio *bio)
                return 0;
        }
 
+       if (unlikely((bio->bi_sector << SECTOR_SHIFT) + bio->bi_size >=
+                    zram->disksize))
+               return 0;
+
        /* I/O request is valid */
        return 1;
 }
-- 
1.8.1.2

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[RFC PATCH v1 6/8] zram: avoid access beyond the zram device

Reply via email to