Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp78546imm; Thu, 2 Aug 2018 23:19:13 -0700 (PDT) X-Google-Smtp-Source: AAOMgpeazMuObQevh5b1gPutlORlsKQtnI3TiVaPVjalJaiseqC3xJtxb/oXq+/sMEkpdGemf6AZ X-Received: by 2002:a17:902:b28:: with SMTP id 37-v6mr2232498plq.337.1533277153089; Thu, 02 Aug 2018 23:19:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1533277153; cv=none; d=google.com; s=arc-20160816; b=ed2JqVnwlABKexLjDlWttxWbDQbqLwBDmuN67B3k9rQmTu6V3aOWg95Z6ilX+GmAiw N5lybc2t1HdHT+u/k37HUccxizX6W/QEJRQfVgLuKl2Y3RtVPXItpBZdvlDt6YPx7AHz M7ayVqC3bHssG/Kmw+t2GoFNI+KFGa3TNuwcSOZAKmHlWTXCVjR7N7z6VvavSFWHHC2a uhmwh4DXqoYMozq4zL3uPNUfXHQBJh70mtAwrz+XQHQPo7SEcYZ3xeHx9/Yyakdyjl6V C6ju8FZs7ICPXgZ2jgOOxdWrM9T9DgCy/tu7QMrl09TFtb2uou37sEEVA2zrvyqrK5vw 3GyA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:in-reply-to :mime-version:user-agent:date:message-id:from:cc:references:to :subject:arc-authentication-results; bh=6Dn9wKEAx2AlRKGVeKVV6EyfNHgHd375Tszv/PjqGJg=; b=rMdNS+hOT0EUsTet/hdtfZN8JENWokjN6vh76DDY8pxNpe1jp/OEW9zRWUB8a4L4it rt1uPG+oy899iz/3WjKzFv3OvB7ijtA2hMyEMPtXjtN1EPv+lkXIpxkqfGIfzbIH922r 5yb+ixu+a6tS6/yrFZ/NdyVXwj+EhM+oDtGfbzx+RUZ44KMq5qZNLl948leJcdNfOXUq EIFr83KhJ0r8fywszv5ze+5TgmtDj4Pdl1aqKl4XjOhXemGiYhTUcDJsfU2IuS/HSo0X RJ4RMUho34FVMC/bVDnN8IrBHRb97EAXC70ln7jPx+T5WifWFCD4NfG/3Sh7vM1JewhQ F99g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m192-v6si3481608pga.398.2018.08.02.23.18.58; Thu, 02 Aug 2018 23:19:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728158AbeHCIMw (ORCPT + 99 others); Fri, 3 Aug 2018 04:12:52 -0400 Received: from szxga04-in.huawei.com ([45.249.212.190]:10617 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726792AbeHCIMv (ORCPT ); Fri, 3 Aug 2018 04:12:51 -0400 Received: from DGGEMS408-HUB.china.huawei.com (unknown [172.30.72.59]) by Forcepoint Email with ESMTP id 627FDD5902276; Fri, 3 Aug 2018 14:18:04 +0800 (CST) Received: from [127.0.0.1] (10.177.16.168) by DGGEMS408-HUB.china.huawei.com (10.3.19.208) with Microsoft SMTP Server id 14.3.399.0; Fri, 3 Aug 2018 14:18:00 +0800 Subject: Re: [V9fs-developer] [PATCH] net/9p: Modify the problem of BUG_ON judgment To: Dominique Martinet References: <5B63D5F6.6080109@huawei.com> <20180803042308.GA4618@nautica> CC: Eric Van Hensbergen , Ron Minnich , Latchesar Ionkov , Linux Kernel Mailing List , , From: jiangyiwen Message-ID: <5B63F396.3090507@huawei.com> Date: Fri, 3 Aug 2018 14:17:58 +0800 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1 MIME-Version: 1.0 In-Reply-To: <20180803042308.GA4618@nautica> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Originating-IP: [10.177.16.168] X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2018/8/3 12:23, Dominique Martinet wrote: > jiangyiwen wrote on Fri, Aug 03, 2018: >> Because the value of limit is VIRTQUEUE_NUM, if index is equal to >> limit, it will cause sg array out of bounds, so correct the judgement >> of BUG_ON. >> >> Signed-off-by: Yiwen Jiang > > I'm not sure you've acted on his mail or if you found this > independantly, but this was reported by Dan Carpenter on the list in > June. > Would you mind if I add a tag for him? > Reported-by: Dan Carpenter > > That aside this looks good, I'll take it. > Sorry, I didn't see it before, I tested this problem a few days ago. It is true that this problem was discovered first by him. Thank you for adding him. >> --- >> net/9p/trans_virtio.c | 3 ++- >> 1 file changed, 2 insertions(+), 1 deletion(-) >> >> diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c >> index 6265d1d..08264ba 100644 >> --- a/net/9p/trans_virtio.c >> +++ b/net/9p/trans_virtio.c >> @@ -191,7 +191,7 @@ static int pack_sg_list(struct scatterlist *sg, int start, >> s = rest_of_page(data); >> if (s > count) >> s = count; >> - BUG_ON(index > limit); >> + BUG_ON(index >= limit); >> /* Make sure we don't terminate early. */ >> sg_unmark_end(&sg[index]); >> sg_set_buf(&sg[index++], data, s); >> @@ -236,6 +236,7 @@ static int p9_virtio_cancel(struct p9_client *client, struct p9_req_t *req) >> s = PAGE_SIZE - data_off; >> if (s > count) >> s = count; >> + BUG_ON(index >= limit); >> /* Make sure we don't terminate early. */ >> sg_unmark_end(&sg[index]); >> sg_set_page(&sg[index++], pdata[i++], s, data_off); >