mirror of
https://github.com/FEX-Emu/linux.git
synced 2024-12-26 11:28:28 +00:00
1487a688d8
A bug is found in striped_read() of fs/ceph/file.c. striped_read() calls ceph_zero_pape_vector_range(). The first argument, page_align + read + ret, passed to ceph_zero_pape_vector_range() is wrong. When a file has holes, this wrong parameter may cause memory corruption either in kernal space or user space. Kernel space memory may be corrupted in the case of non direct IO; user space memory may be corrupted in the case of direct IO. In the latter case, the application doing direct IO may crash due to memory corruption, as we have experienced. The correct value should be initial_align + read + ret, where intial_align = o_direct ? buf_align : io_align. Compared with page_align, the current page offest, initial_align is the initial page offest, which should be used to calculate the page and offset in ceph_zero_pape_vector_range(). Reported-by: caifeng zhu <zhucaifeng@unissoft-nj.com> Signed-off-by: Yan, Zheng <zyan@redhat.com> |
||
---|---|---|
.. | ||
acl.c | ||
addr.c | ||
cache.c | ||
cache.h | ||
caps.c | ||
ceph_frag.c | ||
debugfs.c | ||
dir.c | ||
export.c | ||
file.c | ||
inode.c | ||
ioctl.c | ||
ioctl.h | ||
Kconfig | ||
locks.c | ||
Makefile | ||
mds_client.c | ||
mds_client.h | ||
mdsmap.c | ||
snap.c | ||
strings.c | ||
super.c | ||
super.h | ||
xattr.c |