twx-linux/lib
Nitesh Shetty 334d7c4fb6 iov_iter: use iov_offset for length calculation in iov_iter_aligned_bvec
If iov_offset is non-zero, then we need to consider iov_offset in length
calculation, otherwise we might pass smaller IOs such as 512 bytes, in
below scenario [1].

This issue is reproducible using the liburing test/fixed-seg.c application
with a fixed buffer on a 512 LBA formatted device.

[1]

At present we pass the alignment check, for 512 LBA formatted devices,
len_mask = 511 when IO is smaller, i->count = 512 has an offset,
i->io_offset = 3584 with bvec values, bvec->bv_offset = 256,
bvec->bv_len = 3840.  In short, the first 256 bytes are in the current
page, the next 256 bytes are in another page.  Ideally we expect to
fail the IO.


I can think of 2 userspace scenarios where we experience this.

a: From userspace, we observe a different behaviour when device LBA
   size is 512 vs 4096 bytes.  For 4096 LBA formatted device, I see the
   same liburing test [2] failing, whereas 512 the test passes without
   this.  This is reproducible every time.

   [2] https://github.com/axboe/liburing/

b: Although I was not able to reproduce the below condition, I
   suspect the below case should be possible from user space for
   512 LBA formatted devices.  Let's say from userspace while
   allocating a virtually single chunk of memory, if we get 2 physical
   chunks of memory, and IO happens to be at the boundary of the first
   physical chunk with length crossing the first chunk, then we allow IOs
   to proceed and hence we might map the wrong physical address length and
   proceed with IO rather than failing.

: --- a/test/fixed-seg.c
: +++ b/test/fixed-seg.c
: @@ -64,7 +64,7 @@ static int test(struct io_uring *ring, int fd, int
: vec_off)
: 		return T_EXIT_FAIL;
: 	}
: 
: -       ret = read_it(ring, fd, 4096, vec_off);
: +       ret = read_it(ring, fd, 4096, 7*512 + 256);
: 	if (ret) {
: 		fprintf(stderr, "4096 0 failed\n");
: 		return T_EXIT_FAIL;
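
Review bot: the added read_it() call hard-codes 7*512 + 256 where the removed line passed vec_off, so this read ignores the offset the caller of test() supplied, and the error string in the context below still reads "4096 0 failed", which does not identify the offset that was actually used. If this reproducer is meant to stay in the test rather than be applied ad hoc, add it as a separate read_it() call after the existing one, give it its own failure message, and comment the constant as 3584 + 256, the values from the scenario in [1].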

Effectively this is a write crossing the page boundary.

Link: https://lkml.kernel.org/r/20250428095849.11709-1-nj.shetty@samsung.com
Fixes: 2263639f96f2 ("iov_iter: streamline iovec/bvec alignment iteration")
Reviewed-by: Jens Axboe <axboe@kernel.dk>
Reviewed-by: Anuj Gupta <anuj20.g@samsung.com>
Signed-off-by: Nitesh Shetty <nj.shetty@samsung.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Christian Brauner <brauner@kernel.org>
Cc: Keith Busch <kbusch@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2025-06-05 22:02:23 -07:00
842 lib: 842: Improve error handling in sw842_compress() 2025-02-09 18:08:11 +08:00
crypto crypto: testmgr - make it easier to enable the full set of tests 2025-05-12 13:34:03 +08:00
dim dim: pass dim_sample to net_dim() by reference 2024-11-03 12:36:54 -08:00
fonts drm/log: select CONFIG_FONT_SUPPORT 2024-12-12 18:26:32 +01:00
kunit kunit: Fix wrong parameter to kunit_deactivate_static_stub() 2025-05-21 09:51:23 -06:00
lz4 include/linux/lz4.h: add some missing macros 2025-01-24 22:47:28 -08:00
lzo crypto: lzo - Fix compression buffer overrun 2025-03-08 16:23:22 +08:00
math lib/prime_numbers: convert self-test to KUnit 2025-02-12 14:00:11 -08:00
pldmfw pldmfw: Don't require send_package_data or send_component_table to be defined 2025-05-15 12:59:18 +02:00
raid6 raid6: skip avx512 checks 2025-04-30 21:53:48 +02:00
reed_solomon
test_fortify kbuild: require gcc-8 and binutils-2.30 2025-04-30 21:53:35 +02:00
tests require gcc-8 and binutils-2.30 2025-05-31 08:16:52 -07:00
vdso mseal sysmap: generic vdso vvar mapping 2025-04-01 15:17:15 -07:00
xz move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
zlib_deflate lib/zlib: drop EQUAL macro 2025-03-16 22:30:49 -07:00
zlib_dfltcc lib/zlib: unpoison DFLTCC output buffers 2024-07-03 19:30:23 -07:00
zlib_inflate zlib: add module description 2025-04-11 17:32:38 -07:00
zstd Update zstd to the latest upstream release v1.5.7. Imported cleanly from the 2025-03-26 21:35:28 -07:00
.gitignore fortify: refactor test_fortify Makefile to fix some build problems 2024-08-15 09:26:02 -07:00
alloc_tag.c alloc_tag: handle module codetag load errors as module load failures 2025-06-05 22:02:23 -07:00
argv_split.c
ashldi3.c
ashrdi3.c
asn1_decoder.c ASN.1: add module description 2025-04-11 17:32:37 -07:00
asn1_encoder.c lib/asn1_encoder: add missing MODULE_DESCRIPTION() macro 2024-06-24 22:25:06 -07:00
assoc_array.c assoc_array: fix the return value in assoc_array_insert_mid_shortcut() 2024-03-12 13:09:23 -07:00
atomic64_test.c x86/cpufeatures: Rename X86_CMPXCHG64 to X86_CX8 2025-02-28 11:42:34 +01:00
atomic64.c atomic64: Use arch_spin_locks instead of raw_spin_locks 2025-01-22 15:07:01 -05:00
audit.c
base64.c
bcd.c lib/bcd: optimize _bin2bcd() for improved performance 2024-09-01 20:43:33 -07:00
bch.c lib/bch.c: use swap() to improve code 2024-07-12 16:39:53 -07:00
bitmap-str.c
bitmap.c cpumask: add cpumask_weight_andnot() 2024-02-01 13:06:40 +01:00
bitrev.c
bootconfig-data.S
bootconfig.c bootconfig: Remove duplicate included header file linux/bootconfig.h 2024-07-12 08:55:02 +09:00
bsearch.c
btree.c minmax: make generic MIN() and MAX() macros available everywhere 2024-07-28 15:49:18 -07:00
bucket_locks.c
bug.c bug: Use RCU instead RCU-sched to protect module_bug_list. 2025-03-10 11:54:46 +01:00
build_OID_registry lib/build_OID_registry: avoid non-destructive substitution for Perl < 5.13.2 compat 2024-07-06 11:39:51 -07:00
buildid.c lib/buildid: Handle memfd_secret() files in build_id_parse() 2024-10-17 21:30:32 +02:00
bust_spinlocks.c
check_signature.c
checksum.c net: checksum: Move from32to16() to generic header 2024-10-30 15:29:59 +01:00
closure.c closures: use seq_putc() in debug_show() 2024-09-01 20:43:29 -07:00
clz_ctz.c
clz_tab.c
cmdline.c
cmpdi2.c
cmpxchg-emu.c lib: Add one-byte emulation function 2024-04-09 22:06:00 -07:00
codetag.c alloc_tag: handle module codetag load errors as module load failures 2025-06-05 22:02:23 -07:00
compat_audit.c
cpu_rmap.c net: move aRFS rmap management and CPU affinity to core 2025-02-26 19:51:37 -08:00
cpumask.c cpumask: drop cpumask_next_wrap_old() 2025-02-24 16:37:23 -05:00
crc4.c
crc7.c lib/crc7: unexport crc7_be_syndrome_table 2025-03-10 09:29:29 -07:00
crc8.c
crc16.c lib/crc16: unexport crc16_table and crc16_byte() 2025-05-13 20:37:16 -07:00
crc32.c Networking changes for 6.16. 2025-05-28 15:24:36 -07:00
crc64.c lib/crc64: add support for arch-optimized implementations 2025-02-08 20:06:28 -08:00
crc-ccitt.c
crc-itu-t.c
crc-t10dif.c lib/crc-t10dif: stop wrapping the crypto API 2024-12-01 17:23:13 -08:00
ctype.c
debug_info.c
debug_locks.c
debugobjects.c debugobjects: Track object usage to avoid premature freeing of objects 2024-10-15 17:30:33 +02:00
dec_and_lock.c
decompress_bunzip2.c decompress_bunzip2: fix rare decompression failure 2024-07-26 14:33:09 -07:00
decompress_inflate.c
decompress_unlz4.c move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
decompress_unlzma.c minmax: make generic MIN() and MAX() macros available everywhere 2024-07-28 15:49:18 -07:00
decompress_unlzo.c move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
decompress_unxz.c xz: remove XZ_EXTERN and extern from functions 2024-09-01 20:43:27 -07:00
decompress_unzstd.c
decompress.c
devmem_is_allowed.c
devres.c devres: Export devm_ioremap_resource_wc() 2025-05-05 16:18:09 -05:00
dhry_1.c lib: dhry: use ktime_ms_delta() helper 2024-02-22 15:38:52 -08:00
dhry_2.c
dhry_run.c KUnit: add missing MODULE_DESCRIPTION() macros for lib/test_*.ko 2024-06-24 22:25:11 -07:00
dhry.h
digsig.c
dump_stack.c lib/dump_stack: Use preempt_model_str() 2025-03-17 11:23:39 +01:00
dynamic_debug.c dyndbg: use seq_putc() in ddebug_proc_show() 2024-09-01 20:43:29 -07:00
dynamic_queue_limits.c dql: Fix dql->limit value when reset. 2025-03-25 06:26:55 -07:00
earlycpio.c
errname.c
error-inject.c
errseq.c errseq: eliminate special limitation for macro MAX_ERRNO 2025-05-11 17:54:06 -07:00
extable.c
fault-inject-usercopy.c
fault-inject.c fault-inject: use prandom where cryptographically secure randomness is not needed 2025-01-12 20:21:00 -08:00
fdt_addresses.c
fdt_empty_tree.c
fdt_ro.c
fdt_rw.c
fdt_strerror.c
fdt_sw.c
fdt_wip.c
fdt.c
find_bit_benchmark.c lib: bitmap: add missing MODULE_DESCRIPTION() macros 2024-06-18 10:40:52 -07:00
find_bit.c find: Add find_first_andnot_bit() 2025-05-15 20:24:40 +02:00
flex_proportions.c flex_proportions: remove unused fprop_local_single 2024-02-22 15:38:52 -08:00
fw_table.c lib/firmware_table: Provide buffer length argument to cdat_table_parse() 2024-03-13 00:03:21 -07:00
gen_crc32table.c lib/crc32: remove other generic implementations 2025-01-29 09:10:35 -08:00
gen_crc64table.c lib/crc64: rename CRC64-Rocksoft to CRC64-NVME 2025-02-08 20:06:24 -08:00
genalloc.c
generic-radix-tree.c lib/generic-radix-tree.c: add preallocation 2024-09-09 09:41:47 -04:00
glob.c lib: glob.c: added null check for character class 2024-09-09 16:47:41 -07:00
globtest.c
group_cpus.c
hexdump.c move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
hweight.c
idr.c ida: Add ida_find_first_range() 2025-03-25 10:18:31 -03:00
inflate.c lib/inflate.c: remove dead code 2025-01-12 20:21:15 -08:00
interval_tree_test.c lib/interval_tree: add test case for span iteration 2025-03-17 12:17:01 -07:00
interval_tree.c lib/interval_tree: fix the comment of interval_tree_span_iter_next_gap() 2025-03-17 12:17:01 -07:00
iomap_copy.c s390: Stop using weak symbols for __iowrite64_copy() 2024-04-22 17:11:20 -03:00
iomap.c asm-generic/io.h: rework split ioread64/iowrite64 helpers 2025-03-01 21:00:22 +01:00
iomem_copy.c lib/iomem_copy: fix kerneldoc format style 2024-10-29 07:14:29 +00:00
iommu-helper.c
iov_iter.c iov_iter: use iov_offset for length calculation in iov_iter_aligned_bvec 2025-06-05 22:02:23 -07:00
irq_poll.c softirq: Remove unused 'action' parameter from action callback 2024-08-20 17:13:40 +02:00
irq_regs.c
is_single_threaded.c
kasprintf.c
Kconfig lib/crc: remove CONFIG_LIBCRC32C 2025-04-04 11:31:42 -07:00
Kconfig.debug - The 3 patch series "hung_task: extend blocking task stacktrace dump to 2025-05-31 19:12:53 -07:00
Kconfig.kasan kasan: delete CONFIG_KASAN_MODULE_TEST 2024-11-11 00:26:44 -08:00
Kconfig.kcsan
Kconfig.kfence
Kconfig.kgdb Documentation: move dev-tools debugging files to process/debugging/ 2024-12-17 13:46:53 -07:00
Kconfig.kmsan
Kconfig.ubsan hardening fixes for v6.16-rc1 (take 2) 2025-06-01 11:37:01 -07:00
kfifo.c TTY/Serial changes for 6.10-rc1 2024-05-22 11:53:02 -07:00
klist.c
kobject_uevent.c kobject_uevent: Fix OOB access within zap_modalias_env() 2024-06-12 13:24:05 +02:00
kobject.c kobject: Remove unused functions 2025-01-14 19:45:35 +01:00
kstrtox.c kstrtox: add support for enabled and disabled in kstrtobool() 2025-05-11 17:54:06 -07:00
kstrtox.h
linear_ranges.c
list_debug.c lib/list_debug.c: add object information in case of invalid object 2025-01-25 20:22:23 -08:00
list_sort.c lib/list_sort: clarify comparison function requirements in list_sort() 2025-01-24 22:47:23 -08:00
llist.c llist: make llist_add_batch() a static inline 2025-05-27 19:40:34 -07:00
locking-selftest-hardirq.h
locking-selftest-mutex.h
locking-selftest-rlock-hardirq.h
locking-selftest-rlock-softirq.h
locking-selftest-rlock.h
locking-selftest-rsem.h
locking-selftest-rtmutex.h
locking-selftest-softirq.h
locking-selftest-spin-hardirq.h
locking-selftest-spin-softirq.h
locking-selftest-spin.h
locking-selftest-wlock-hardirq.h
locking-selftest-wlock-softirq.h
locking-selftest-wlock.h
locking-selftest-wsem.h
locking-selftest.c locking/ww_mutex: Fix ww_mutex dummy lockdep map selftest warnings 2024-12-02 12:16:57 +01:00
lockref.c lockref: use bool for false/true returns 2025-01-16 11:48:11 +01:00
logic_iomem.c
logic_pio.c logic_pio: Constify fwnode_handle 2024-10-14 16:33:24 -05:00
lru_cache.c lib/lru_cache: fix spelling mistake "colision"->"collision" 2024-09-01 20:43:29 -07:00
lshrdi3.c
lwq.c
Makefile kbuild: Switch from -Wvla to -Wvla-larger-than=1 2025-05-08 09:42:06 -07:00
maple_tree.c maple_tree: reorder mas->store_type case statements 2025-05-11 17:48:29 -07:00
memcat_p.c
memory-notifier-error-inject.c
memregion.c
memweight.c
min_heap.c lib min_heap: use size_t for array size and index variables 2025-03-16 23:24:14 -07:00
muldi3.c
net_utils.c net, treewide: define and use MAC_ADDR_STR_LEN 2025-03-19 19:17:58 +01:00
netdev-notifier-error-inject.c
nlattr.c netlink: add nla be16/32 types to minlen array 2024-02-22 19:01:55 -08:00
nmi_backtrace.c
notifier-error-inject.c
notifier-error-inject.h
objagg.c mlxsw: spectrum_acl_erp: Fix object nesting warning 2024-06-10 11:14:52 +01:00
objpool.c objpool: fix to make percpu slot allocation more robust 2024-11-07 14:14:58 -08:00
of-reconfig-notifier-error-inject.c
oid_registry.c lib/oid_registry.c: remove unused sprint_OID 2025-05-11 17:54:13 -07:00
once.c
packing_test.c lib: packing: add pack_fields() and unpack_fields() 2024-12-11 20:13:00 -08:00
packing.c lib: packing: add pack_fields() and unpack_fields() 2024-12-11 20:13:00 -08:00
parman.c
parser.c Documentation: core-api: add generic parser docbook 2024-12-11 09:07:40 -07:00
percpu_counter.c lib/percpu_counter: add missing __percpu qualifier to a cast 2024-09-01 20:43:34 -07:00
percpu_test.c percpu: add a test case for the specific 64-bit value addition 2024-11-06 20:11:14 -08:00
percpu-refcount.c
plist.c lib/plist.c: add shortcut for plist_requeue() 2025-03-16 22:30:47 -07:00
pm-notifier-error-inject.c
polynomial.c
radix-tree.c
radix-tree.h
random32.c Random number generator updates for Linux 6.13-rc1. 2024-11-19 10:43:44 -08:00
ratelimit.c ratelimit: Drop redundant accesses to burst 2025-05-08 16:13:27 -07:00
rbtree_test.c lib/rbtree: add random seed 2025-03-17 12:17:00 -07:00
rbtree.c lib/rbtree.c: fix the example typo 2025-05-11 17:54:04 -07:00
rcuref.c rcuref: Plug slowpath race in rcuref_put() 2025-01-29 15:21:31 +01:00
ref_tracker.c
refcount.c
rhashtable.c Mainly individually changelogged singleton patches. The patch series in 2025-01-26 17:50:53 -08:00
sbitmap.c lib/sbitmap: define swap_lock as raw_spinlock_t 2024-09-20 00:20:06 -06:00
scatterlist.c scatterlist: inline sg_next() 2025-05-11 17:54:08 -07:00
seq_buf.c seq_buf: Fix kernel documentation 2024-02-15 12:17:28 -05:00
sg_pool.c
sg_split.c lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets 2025-04-01 15:20:46 -07:00
siphash.c move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
smp_processor_id.c
sort.c lib/sort.c: add _nonatomic() variants with cond_resched() 2025-04-01 15:20:46 -07:00
stackdepot.c mm, bpf: Introduce free_pages_nolock() 2025-02-27 09:36:18 -08:00
stmp_device.c
string_helpers.c lib/string_helpers: Introduce parse_int_array() 2025-04-07 15:07:56 +01:00
string.c string: Add load_unaligned_zeropad() code path to sized_strscpy() 2025-04-15 13:50:17 -07:00
strncpy_from_user.c kasan: move checks to do_strncpy_from_user 2024-11-11 00:26:43 -08:00
strnlen_user.c x86: support user address masking instead of non-speculative conditional 2024-08-19 11:31:18 -07:00
syscall.c
test_bitmap.c bitmap: remove _check_eq_u32_array 2025-02-18 11:51:21 -05:00
test_bitops.c lib/test_bitops: Add benchmark test for fns() 2024-05-09 09:25:08 -07:00
test_bpf.c bpf/tests: Add 32 bits only long conditional jump tests 2025-01-06 16:10:19 +01:00
test_debug_virtual.c
test_dynamic_debug.c dyndbg: add missing MODULE_DESCRIPTION() macro 2024-06-04 17:40:02 +02:00
test_firmware.c module: Convert symbol namespace to string literal 2024-12-02 11:34:44 -08:00
test_fpu_glue.c lib: fix the NULL vs IS_ERR() bug for debugfs_create_dir() 2024-09-01 20:43:40 -07:00
test_fpu_impl.c selftests/fpu: move FP code to a separate translation unit 2024-05-19 14:36:20 -07:00
test_fpu.h selftests/fpu: move FP code to a separate translation unit 2024-05-19 14:36:20 -07:00
test_free_pages.c KUnit: add missing MODULE_DESCRIPTION() macros for lib/test_*.ko 2024-06-24 22:25:11 -07:00
test_hexdump.c KUnit: add missing MODULE_DESCRIPTION() macros for lib/test_*.ko 2024-06-24 22:25:11 -07:00
test_hmm_uapi.h
test_hmm.c mm: allow compound zone device pages 2025-03-17 22:06:39 -07:00
test_ida.c ida: Add ida_find_first_range() 2025-03-25 10:18:31 -03:00
test_kmod.c lib/test_kmod: do not hardcode/depend on any filesystem 2025-05-11 17:54:09 -07:00
test_lockup.c
test_maple_tree.c test_maple_tree: test exhausted upper limit of mtree_alloc_cyclic() 2025-01-25 20:22:19 -08:00
test_memcat_p.c KUnit: add missing MODULE_DESCRIPTION() macros for lib/test_*.ko 2024-06-24 22:25:11 -07:00
test_meminit.c KUnit: add missing MODULE_DESCRIPTION() macros for lib/test_*.ko 2024-06-24 22:25:11 -07:00
test_min_heap.c lib/test_min_heap: use inline min heap variants to reduce attack vector 2025-01-12 20:20:57 -08:00
test_module.c KUnit: add missing MODULE_DESCRIPTION() macros for lib/test_*.ko 2024-06-24 22:25:11 -07:00
test_objagg.c lib: test_objagg: Fix spelling 2024-06-10 11:14:52 +01:00
test_objpool.c lib: test_objpool: Switch to use hrtimer_setup() 2025-02-18 10:32:32 +01:00
test_parman.c lib/test_parman: Include <linux/prandom.h> instead of <linux/random.h> 2024-10-03 18:20:27 +02:00
test_ref_tracker.c KUnit: add missing MODULE_DESCRIPTION() macros for lib/test_*.ko 2024-06-24 22:25:11 -07:00
test_rhashtable.c lib/test_rhashtable: add missing MODULE_DESCRIPTION() macro 2024-06-03 18:51:18 -07:00
test_static_key_base.c KUnit: add missing MODULE_DESCRIPTION() macros for lib/test_*.ko 2024-06-24 22:25:11 -07:00
test_static_keys.c KUnit: add missing MODULE_DESCRIPTION() macros for lib/test_*.ko 2024-06-24 22:25:11 -07:00
test_sysctl.c sysctl: Close test ctl_headers with a for loop 2025-04-14 14:13:41 +02:00
test_ubsan.c ubsan: Fix panic from test_ubsan_out_of_bounds 2025-04-15 13:50:17 -07:00
test_uuid.c uuid: add missing MODULE_DESCRIPTION() macro 2024-06-24 22:25:06 -07:00
test_vmalloc.c lib/test_vmalloc.c: allow built-in execution 2025-05-11 17:48:34 -07:00
test_xarray.c xarray: make xa_alloc_cyclic() return 0 on all success cases 2025-05-11 17:48:19 -07:00
test-kstrtox.c KUnit: add missing MODULE_DESCRIPTION() macros for lib/test_*.ko 2024-06-24 22:25:11 -07:00
textsearch.c
timerqueue.c
trace_readwrite.c
ts_bm.c lib/ts: add missing MODULE_DESCRIPTION() macros 2024-06-24 22:25:04 -07:00
ts_fsm.c lib/ts: add missing MODULE_DESCRIPTION() macros 2024-06-24 22:25:04 -07:00
ts_kmp.c lib/ts: add missing MODULE_DESCRIPTION() macros 2024-06-24 22:25:04 -07:00
ubsan.c KVM: arm64: Introduce CONFIG_UBSAN_KVM_EL2 2025-05-07 11:21:35 +01:00
ubsan.h ubsan/overflow: Rework integer overflow sanitizer option to turn on everything 2025-03-07 19:58:05 -08:00
ucmpdi2.c
ucs2_string.c ucs2_string: add module description 2025-04-11 17:32:38 -07:00
union_find.c Union-Find: add a new module in kernel library 2024-07-30 13:04:36 -10:00
usercopy.c uaccess: always export _copy_[from|to]_user with CONFIG_RUST 2024-07-08 23:44:01 +02:00
uuid.c
vsprintf.c drm for 6.16-rc1 2025-05-28 09:46:39 -07:00
win_minmax.c rxrpc: Generate rtt_min 2024-12-09 13:48:29 -08:00
xarray.c xarray: fix kerneldoc for __xa_cmpxchg 2025-05-12 23:50:49 -07:00
xxhash.c move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00