Commit f6f84be0 authored by Md Haris Iqbal's avatar Md Haris Iqbal Committed by Jens Axboe
Browse files

block/rnbd-srv: Add sanity check and remove redundant assignment 



The bio->bi_iter.bi_size is updated when bio_add_page() is called. So we
do not need to assign msg->bi_size again to it, since its redudant and
can also be harmful. Instead we can use it to add a sanity check, which
checks the locally calculated bi_size, with the one sent in msg.

Signed-off-by: default avatarMd Haris Iqbal <haris.iqbal@ionos.com>
Signed-off-by: default avatarJack Wang <jinpu.wang@ionos.com>
Signed-off-by: default avatarGrzegorz Prajsner <grzegorz.prajsner@ionos.com>
Link: https://lore.kernel.org/r/20240809135346.978320-1-haris.iqbal@ionos.com


Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
parent 752a5929

drivers/block/rnbd/rnbd-srv.c

+9 −2
Original line number Diff line number Diff line
@@ -149,15 +149,22 @@ static int process_rdma(struct rnbd_srv_session *srv_sess, 
			rnbd_to_bio_flags(le32_to_cpu(msg->rw)), GFP_KERNEL);

	if (bio_add_page(bio, virt_to_page(data), datalen,

			offset_in_page(data)) != datalen) {

		rnbd_srv_err(sess_dev, "Failed to map data to bio\n");

		rnbd_srv_err_rl(sess_dev, "Failed to map data to bio\n");

		err = -EINVAL;

		goto bio_put;

	}



	bio->bi_opf = rnbd_to_bio_flags(le32_to_cpu(msg->rw));

	if (bio_has_data(bio) &&

	    bio->bi_iter.bi_size != le32_to_cpu(msg->bi_size)) {

		rnbd_srv_err_rl(sess_dev, "Datalen mismatch:  bio bi_size (%u), bi_size (%u)\n",

				bio->bi_iter.bi_size, msg->bi_size);

		err = -EINVAL;

		goto bio_put;

	}

	bio->bi_end_io = rnbd_dev_bi_end_io;

	bio->bi_private = priv;

	bio->bi_iter.bi_sector = le64_to_cpu(msg->sector);

	bio->bi_iter.bi_size = le32_to_cpu(msg->bi_size);

	prio = srv_sess->ver < RNBD_PROTO_VER_MAJOR ||

	       usrlen < sizeof(*msg) ? 0 : le16_to_cpu(msg->prio);

	bio_set_prio(bio, prio);