[3.13.y.z extended stable] Patch "iovec: make sure the caller actually wants anything in memcpy_fromiovecend" has been added to staging queue

Kamal Mostafa kamal at canonical.com
Tue Sep 2 21:37:03 UTC 2014


This is a note to let you know that I have just added a patch titled

    iovec: make sure the caller actually wants anything in memcpy_fromiovecend

to the linux-3.13.y-queue branch of the 3.13.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.13.y-queue

This patch is scheduled to be released in version 3.13.11.7.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.13.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Kamal

------

>From 0afe6f303cfe51d2cd896a2109f9fc8028d72e2e Mon Sep 17 00:00:00 2001
From: Sasha Levin <sasha.levin at oracle.com>
Date: Thu, 31 Jul 2014 23:00:35 -0400
Subject: iovec: make sure the caller actually wants anything in
 memcpy_fromiovecend

[ Upstream commit 06ebb06d49486676272a3c030bfeef4bd969a8e6 ]

Check for cases when the caller requests 0 bytes instead of running off
and dereferencing potentially invalid iovecs.

Signed-off-by: Sasha Levin <sasha.levin at oracle.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
 net/core/iovec.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/net/core/iovec.c b/net/core/iovec.c
index a9c46ba..26dc006 100644
--- a/net/core/iovec.c
+++ b/net/core/iovec.c
@@ -107,6 +107,10 @@ EXPORT_SYMBOL(memcpy_toiovecend);
 int memcpy_fromiovecend(unsigned char *kdata, const struct iovec *iov,
 			int offset, int len)
 {
+	/* No data? Done! */
+	if (len == 0)
+		return 0;
+
 	/* Skip over the finished iovecs */
 	while (offset >= iov->iov_len) {
 		offset -= iov->iov_len;
--
1.9.1





More information about the kernel-team mailing list