LinuxKPI: fix sg_pcopy_from_buffer()

There is an error in sg_pcopy_from_buffer() in that skip can underflow
and lead to bogus page arithmetic, which may lead to memory corruption
or, more likely, panics.  Once we have found an s/g page to copy into, there
is nothing to skip anymore, so simply set skip to 0.

Sponsored by:	The FreeBSD Foundation
MFC after:	5 days
Reviewed by:	hselasky
Differential Revision: https://reviews.freebsd.org/D30676
Bjoern A. Zeeb 2021-06-07 15:00:19 +00:00
parent d4a4960c65
commit edfcdffefc


@ -520,12 +520,13 @@ sg_pcopy_from_buffer(struct scatterlist *sgl, unsigned int nents,
memcpy(p, b, len);
sf_buf_free(sf);
/* We copied so nothing more to skip. */
skip = 0;
copied += len;
/* Either we exactly filled the page, or we are done. */
buflen -= len;
if (buflen == 0)
break;
skip -= len;
b += len;
}
sched_unpin();
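
Review bot: The comment above `skip = 0;` ("We copied so nothing more to skip.") does not record why the `skip -= len;` further down the loop body was wrong, and nothing in the loop enforces the invariant the fix relies on. `len` is the number of bytes copied out of the buffer (it also drives `copied += len`, `buflen -= len` and `b += len`), not a number of bytes skipped, so subtracting it from `skip` is what allowed the underflow the commit message describes. Suggest extending the comment to say that `skip` is fully consumed by the first page copied into and must never be decremented by `len`, and adding an assertion before `memcpy(p, b, len)` that the `len` bytes written at `p` stay inside the page mapped by `sf`, so a future regression fails at the check instead of corrupting memory.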