Date: Tue, 10 Nov 2015 18:31:49 -0800
Subject: Re: fs: out of bounds on stack in iov_iter_advance
From: Linus Torvalds
To: Jens Axboe
Cc: Al Viro, Sasha Levin, Andrey Ryabinin, Matthew Wilcox, Chuck Ebbert, linux-fsdevel, LKML, Dan Williams

On Tue, Nov 10, 2015 at 6:25 PM, Jens Axboe wrote:
> On Tue, Nov 10 2015, Linus Torvalds wrote:
>> Al, ping?
>>
>> On Thu, Nov 5, 2015 at 7:38 PM, Linus Torvalds wrote:
>> > On Thu, Nov 5, 2015 at 6:19 PM, Al Viro wrote:
>> >>
>> >> How are we going to handle that one? I can put it into mainline pull
>> >> request via vfs.git, with Cc: stable, but if e.g. Jens prefers to take it
>> >> via the block tree, I'll be glad to leave it for him to deal with.
>> >
>> > Put it in the vfs tree (I'm hoping for a pull request soon..)
>> >
>> > I pulled the block trees from Jens yesterday, so there is presumably
>> > nothing pending there right now.
>>
>> Apparently my "hoping for a pull request soon" was ridiculously optimistic.
>>
>> Al, looking at the most recent linux-next, most of the vfs commits
>> there seem to be committed in the last day or two. I'm getting the
>> feeling that that is all 4.5 material by now.
>>
>> Should I just take the iov patch as-is, since apparently no vfs pull
>> request is happening this merge cycle? And no, I'm not taking
>> "developed during the second week of the merge window, and sent in the
>> last few days of it". I'm done with that.
>
> I've got 8 other patches pending for a post core merge, just waiting for
> the last core pull request to go in. I haven't seen this iov iter fix,
> though.

It was in this thread, looked like this (without the whitespace damage):

dax_io(): don't let non-error value escape via retval instead of EFAULT

Signed-off-by: Al Viro
--- diff --git a/fs/dax.c b/fs/dax.c index a86d3cc..7b653e9 100644 --- a/fs/dax.c +++ b/fs/dax.c 
@@ -169,8 +169,10 @@ static ssize_t dax_io(struct inode *inode, struct iov_iter *iter, else len = iov_iter_zero(max - pos, iter); - if (!len) + if (!len) { + retval = -EFAULT; break; + } pos += len; addr += len;

although I don't think I saw a confirmation that that was what Sasha
actually hit (but Sasha had narrowed it down to DAX, so it looks
possible/likely)

Linus
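
Review bot: The changelog is a bare subject line and does not say which non-error value was left in retval or what went wrong afterwards; since the thread talks about sending this with Cc: stable, the message should describe the symptom (the out-of-bounds access in iov_iter_advance named in the subject) and carry the Cc: stable and a Reported-by tag alongside the Signed-off-by. In the `if (!len)` branch, `retval = -EFAULT` is now set even when earlier iterations have already advanced pos, so it is worth confirming that the code after the loop (not visible in this hunk) still returns the bytes completed for a short transfer rather than the error.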