On Fri, Jul 26, 2019 at 02:36:10PM +0800, Qu Wenruo wrote:
On 2019/7/26 下午2:13, Naohiro Aota wrote:
On Fri, Jul 26, 2019 at 08:38:27AM +0300, Nikolay Borisov wrote:
On 26.07.19 г. 8:27 ч., Naohiro Aota wrote:
Several functions to read/write an extent buffer check if specified
offset
range resides in the size of the extent buffer. However, those checks
have
two problems:
(1) they don't catch "start == eb->len" case.
(2) it checks offset in extent buffer against logical address using
eb->start.
Generally, eb->start is much larger than the offset, so the second
WARN_ON
was almost useless.
Fix these problems in read_extent_buffer_to_user(),
{memcmp,write,memzero}_extent_buffer().
Signed-off-by: Naohiro Aota <naohiro.aota@xxxxxxx>
Qu already sent similar patch:
[PATCH v2 1/5] btrfs: extent_io: Do extra check for extent buffer read
write functions
He centralised the checking code, your >= fixes though should be merged
there.
Oops, I missed that series. Thank you for pointing out. Then, this
should be merged into Qu's version.
Qu, could you pick the change from "start > eb->len" to "start >= eb->len"?
start >= eb->len is not always invalid.
start == eb->len while len == 0 is still valid.
Correct.
But then, we can even say "start > eb->len" is valid if len == 0?
Or should we also warn such bad practice?
Maybe...
Or how about let the callers bailing out by e.g. "if (!len) return 1;"
in the check function?
Regards,
Naohiro
