diff options
author | Bjoern A. Zeeb <bz@FreeBSD.org> | 2021-06-07 15:00:19 +0000 |
---|---|---|
committer | Bjoern A. Zeeb <bz@FreeBSD.org> | 2021-06-18 21:20:10 +0000 |
commit | edfcdffefc1671b7688c8806ae1f59484954dcc7 (patch) | |
tree | ef41b24f28a5893bf51a07e593e2b9376b590df9 /sys/compat | |
parent | d4a4960c6559caa890af0901a21296e75b961210 (diff) | |
download | src-edfcdffefc1671b7688c8806ae1f59484954dcc7.tar.gz src-edfcdffefc1671b7688c8806ae1f59484954dcc7.zip |
LinuxKPI: fix sg_pcopy_from_buffer()
In sg_pcopy_from_buffer() is an error in that skip can underflow
and lead to bogus page arithmetics which may lead to memory corruption
or more likely panics. Once we found a s/g page to copy into there
is nothing to skip anymore so simply set skip to 0.
Sponsored by: The FreeBSD Foundation
MFC after: 5 days
Reviewed by: hselasky
Differential Revision: https://reviews.freebsd.org/D30676
Diffstat (limited to 'sys/compat')
-rw-r--r-- | sys/compat/linuxkpi/common/include/linux/scatterlist.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/compat/linuxkpi/common/include/linux/scatterlist.h b/sys/compat/linuxkpi/common/include/linux/scatterlist.h index ebf0632f6f58..5e42876facd0 100644 --- a/sys/compat/linuxkpi/common/include/linux/scatterlist.h +++ b/sys/compat/linuxkpi/common/include/linux/scatterlist.h @@ -520,12 +520,13 @@ sg_pcopy_from_buffer(struct scatterlist *sgl, unsigned int nents, memcpy(p, b, len); sf_buf_free(sf); + /* We copied so nothing more to skip. */ + skip = 0; copied += len; /* Either we exactly filled the page, or we are done. */ buflen -= len; if (buflen == 0) break; - skip -= len; b += len; } sched_unpin(); |