From: frank zago Date: Sun, 18 Sep 2016 20:38:17 +0000 (-0400) Subject: staging: lustre: llog: prevent out-of-bound index X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=2ce3647e9aba981f968f42f75f6b0af79332fee3;p=linux-beck.git staging: lustre: llog: prevent out-of-bound index llog_process_thread() can be called from llog_cat_process_cb with an index already out of bound, leading to the following crash: LustreError: 3773:0:(llog.c:310:llog_process_thread()) ASSERTION(index <= last_index + 1 ) failed: LustreError: 3773:0:(llog.c:310:llog_process_thread()) LBUG #0 [ffff8801144bf900] machine_kexec at ffffffff81038f3b #1 [ffff8801144bf960] crash_kexec at ffffffff810c5d82 #2 [ffff8801144bfa30] panic at ffffffff8152798a #3 [ffff8801144bfab0] lbug_with_loc at ffffffffa02f8eeb [libcfs] #4 [ffff8801144bfad0] llog_process_thread at ffffffffa0413fff [obdclass] #5 [ffff8801144bfb80] llog_process_or_fork at ffffffffa041585f [obdclass] #6 [ffff8801144bfbd0] llog_cat_process_cb at ffffffffa0418612 [obdclass] #7 [ffff8801144bfc30] llog_process_thread at ffffffffa0413c22 [obdclass] #8 [ffff8801144bfce0] llog_process_or_fork at ffffffffa041585f [obdclass] #9 [ffff8801144bfd30] llog_cat_process_or_fork at ffffffffa0416b9d [obdclass] If index is too big, simply return success. Signed-off-by: frank zago Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-5635 Reviewed-on: http://review.whamcloud.com/12161 Reviewed-by: Jinshan Xiong Reviewed-by: Patrick Farrell Reviewed-by: John L. Hammond Reviewed-by: Oleg Drokin Signed-off-by: James Simmons Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/lustre/lustre/obdclass/llog.c b/drivers/staging/lustre/lustre/obdclass/llog.c index 119372cf2dc8..43797f106745 100644 --- a/drivers/staging/lustre/lustre/obdclass/llog.c +++ b/drivers/staging/lustre/lustre/obdclass/llog.c @@ -235,6 +235,10 @@ static int llog_process_thread(void *arg) else last_index = LLOG_BITMAP_BYTES * 8 - 1; + /* Record is not in this buffer. */ + if (index > last_index) + goto out; + while (rc == 0) { struct llog_rec_hdr *rec;