To: Eric Van Hensbergen, Ron Minnich, Latchesar Ionkov, Dominique Martinet
CC: Linux Kernel Mailing List
From: jiangyiwen
Subject: [V9fs-developer] [PATCH] net/9p: Modify the problem of BUG_ON judgment
Message-ID: <5B63D5F6.6080109@huawei.com>
Date: Fri, 3 Aug 2018 12:11:34 +0800

Because the value of limit is VIRTQUEUE_NUM, if index is equal to limit, it will cause sg array out of bounds, so correct the judgement of BUG_ON.

Signed-off-by: Yiwen Jiang --- net/9p/trans_virtio.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c index 6265d1d..08264ba 100644 --- a/net/9p/trans_virtio.c +++ b/net/9p/trans_virtio.c @@ -191,7 +191,7 @@ static int pack_sg_list(struct scatterlist *sg, int start, s = rest_of_page(data); if (s > count) s = count; - BUG_ON(index > limit); + BUG_ON(index >= limit); /* Make sure we don't terminate early. */ sg_unmark_end(&sg[index]); sg_set_buf(&sg[index++], data, s); @@ -236,6 +236,7 @@ static int p9_virtio_cancel(struct p9_client *client, struct p9_req_t *req) s = PAGE_SIZE - data_off; if (s > count) s = count; + BUG_ON(index >= limit); /* Make sure we don't terminate early. */ sg_unmark_end(&sg[index]); sg_set_page(&sg[index++], pdata[i++], s, data_off); -- 1.8.3.1
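
Review bot: In the first hunk (pack_sg_list, the change from `index > limit` to `index >= limit`), the changelog does not say whether index can actually reach limit on a real request or whether this only tightens an assertion that could never fire correctly. The comparison itself is right, since `sg[index]` is written on the very next lines and, with limit being VIRTQUEUE_NUM as the message states, the last valid slot is limit - 1. Please add a sentence on reachability, and a Fixes: tag if this is reachable, so maintainers can judge whether it belongs in stable.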
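
Review bot: In the second hunk (the path that calls `sg_set_page(&sg[index++], pdata[i++], s, data_off)`), the `BUG_ON(index >= limit)` is a newly added assertion, not a corrected one, yet the subject and changelog only speak of correcting the existing judgment. Please state in the message that this path gets a bounds check it did not show before in these context lines. Since this is new code, also consider whether the function can stop filling the list and report the failure to its caller instead of halting the kernel with BUG_ON; the hunk does not show the return path, so that needs checking against the full function.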