datto / dattobd

kernel module for taking block-level snapshots and incremental backups of Linux block devices
GNU General Public License v2.0

Fix out of array's bound in cow_read_mapping #287

Closed lishuai-ujs closed 1 year ago

lishuai-ujs commented 1 year ago

In function snap_read_bio_get_mode, curr_end_bytes is incorrect in the second cycle of the while loop; it should subtract the bytes that were read in the first cycle. This bug causes an out-of-bounds array access in cow_read_mapping, and finally the kernel crashes.

Details: https://github.com/datto/dattobd/issues/286

This patch was tested on a 5TB XFS volume on CentOS 7.6.1810.

dakotarwilliams commented 1 year ago

Good catch, thanks!

jcbmao commented 3 months ago

Hi. What are the conditions for reproducing this crash?

I created a 5TB disk, formatted it with the XFS file system, then took a snapshot. When I use the ‘dd’ command to read the snapshot, the machine doesn’t crash.

Swistusmen commented 3 months ago

Hi. Unfortunately Dakota is no longer part of the team. Could you please create a separate issue, as I'm out of context? Thank you.