diff options
| author | Johannes Thumshirn <jthumshirn@suse.de> | 2017-03-06 11:23:35 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2017-12-16 10:33:53 +0100 |
| commit | ca6d40bb082ae3d6f75da2fbd7af5ae77b7a80de (patch) | |
| tree | 267e3259960af0fffa65e49eab29c2ebdedb1cab | |
| parent | 39c626c1f9e3c96b96d4d0dd089dcd653b2874bb (diff) | |
| download | linux-stable-ca6d40bb082ae3d6f75da2fbd7af5ae77b7a80de.tar.gz linux-stable-ca6d40bb082ae3d6f75da2fbd7af5ae77b7a80de.tar.bz2 linux-stable-ca6d40bb082ae3d6f75da2fbd7af5ae77b7a80de.zip | |
zram: set physical queue limits to avoid array out of bounds accesses
[ Upstream commit 0bc315381fe9ed9fb91db8b0e82171b645ac008f ]
zram can handle at most SECTORS_PER_PAGE sectors in a bio's bvec. When using
the NVMe over Fabrics loopback target which potentially sends a huge bulk of
pages attached to the bio's bvec this results in a kernel panic because of
array out of bounds accesses in zram_decompress_page().
Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | drivers/block/zram/zram_drv.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c index 62a93b685c54..502406c9e6e1 100644 --- a/drivers/block/zram/zram_drv.c +++ b/drivers/block/zram/zram_drv.c @@ -1247,6 +1247,8 @@ static int zram_add(void) blk_queue_io_min(zram->disk->queue, PAGE_SIZE); blk_queue_io_opt(zram->disk->queue, PAGE_SIZE); zram->disk->queue->limits.discard_granularity = PAGE_SIZE; + zram->disk->queue->limits.max_sectors = SECTORS_PER_PAGE; + zram->disk->queue->limits.chunk_sectors = 0; blk_queue_max_discard_sectors(zram->disk->queue, UINT_MAX); /* * zram_bio_discard() will clear all logical blocks if logical block |