From patchwork Sun Mar 22 13:22:59 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kinglong Mee X-Patchwork-Id: 6066671 Return-Path: X-Original-To: patchwork-linux-nfs@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id A165D9F350 for ; Sun, 22 Mar 2015 13:23:15 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id CC5E120272 for ; Sun, 22 Mar 2015 13:23:14 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id ADC9620270 for ; Sun, 22 Mar 2015 13:23:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751719AbbCVNXK (ORCPT ); Sun, 22 Mar 2015 09:23:10 -0400 Received: from mail-pd0-f173.google.com ([209.85.192.173]:33173 "EHLO mail-pd0-f173.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751685AbbCVNXJ (ORCPT ); Sun, 22 Mar 2015 09:23:09 -0400 Received: by pdnc3 with SMTP id c3so158875777pdn.0 for ; Sun, 22 Mar 2015 06:23:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :content-type:content-transfer-encoding; bh=CDA2BWl2gWvTxMdtNtYsDSUdbmMT8d6PxvFodG46syk=; b=QqlmM64A4brFoGfvK7mlSbHnVgXd1hvRuiSlV1SLnUHLAPD+/6NybLPiiVamvtnsCN joIqsi445ce5Mwfn97aFuZeheAfz3cDeAbhqjn3AA6YS91Kd6FmSU4ajey+wuwsuy/z/ h1+MxflohOdomT9DJRD3ra15dkQN9ObDxLcZ1EBiQmH8Zdt21TcpRvEr4RIht0KO8Ykq 8HO2betJJe58jXylVS9derozYQDHBkoXAtZIC0togrSv1bbNW0hSr2kmHrz8v6vELDtP jgaRRSbfOSjRchOEqYjo7MBywICMry4JNwYu10+N7XjQMuCxWyWiPF0Bc5M78Ur0+N16 gqgw== X-Received: by 10.66.102.99 with SMTP id fn3mr182612662pab.118.1427030589050; Sun, 22 Mar 2015 06:23:09 -0700 (PDT) Received: from [192.168.99.3] ([104.143.41.80]) by mx.google.com with ESMTPSA id o17sm14050150pdj.26.2015.03.22.06.23.05 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 22 Mar 2015 06:23:08 -0700 (PDT) Message-ID: <550EC233.9090908@gmail.com> Date: Sun, 22 Mar 2015 21:22:59 +0800 From: Kinglong Mee User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0 MIME-Version: 1.0 To: Steve Dickson CC: rees@umich.edu, Linux NFS Mailing List Subject: [PATCH] blkmapd: Make sure device root contains valid device id Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, T_DKIM_INVALID, T_RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP When testing pnfs in virtual linux based on VirtualBox, blkmapd gets dev_root->len == 0, which causes it Segmentation fault. Signed-off-by: Kinglong Mee Reviewed-by: Christoph Hellwig --- utils/blkmapd/device-inq.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/utils/blkmapd/device-inq.c b/utils/blkmapd/device-inq.c index eabc70c..c5bf71f 100644 --- a/utils/blkmapd/device-inq.c +++ b/utils/blkmapd/device-inq.c @@ -179,6 +179,7 @@ struct bl_serial *bldev_read_serial(int fd, const char *filename) char *buffer; struct bl_dev_id *dev_root, *dev_id; unsigned int pos, len, current_id = 0; + size_t devid_len = sizeof(struct bl_dev_id) - sizeof(unsigned char); status = bldev_inquire_pages(fd, 0x83, &buffer); if (status) @@ -189,7 +190,11 @@ struct bl_serial *bldev_read_serial(int fd, const char *filename) pos = 0; current_id = 0; len = dev_root->len; - while (pos < (len - sizeof(struct bl_dev_id) + sizeof(unsigned char))) { + + if (len < devid_len) + goto out; + + while (pos < (len - devid_len)) { dev_id = (struct bl_dev_id *)&(dev_root->data[pos]); if ((dev_id->ids & 0xf) < current_id) continue; @@ -221,8 +226,7 @@ struct bl_serial *bldev_read_serial(int fd, const char *filename) } if (current_id == 3) break; - pos += (dev_id->len + sizeof(struct bl_dev_id) - - sizeof(unsigned char)); + pos += (dev_id->len + devid_len); } out: if (!serial_out)