87305 – kdbus: the slice size check in kdbus_pool_copy does not make sense

Bug 87305 - kdbus: the slice size check in kdbus_pool_copy does not make sense

Summary: kdbus: the slice size check in kdbus_pool_copy does not make sense

Status:	RESOLVED FIXED

Alias:	None

Product:	systemd
Classification:	Unclassified
Component:	general (show other bugs)
Version:	unspecified
Hardware:	Other All

Importance:	medium normal
Assignee:	systemd-bugs
QA Contact:	systemd-bugs

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-12-14 14:35 UTC by Hristo Venev
Modified:	2014-12-15 15:53 UTC (History)
CC List:	0 users

See Also:
i915 platform:
i915 features:

Attachments

Description Hristo Venev 2014-12-14 14:35:13 UTC

It looks like the slice occupies pool[slice->off,slice->off+slice->size).

Therefore:
--- a/pool.c
+++ b/pool.c
@@ -644,7 +644,7 @@ static int kdbus_pool_copy(const struct kdbus_pool_slice *slice,
        unsigned long rem = len;
        int ret = 0;
 
-       BUG_ON(off_dst + len > slice->size);
+       BUG_ON(len > slice->size);
        BUG_ON(slice->free);
 
        mutex_lock(&i_dst->i_mutex);


Confirmed, this makes my system less crash-prone (down to about 0% from 100% crash probability).

Comment 1 Daniel Mack 2014-12-15 15:53:11 UTC

Nice catch, thanks. The implementation in that function is a left-over. I've pushed a patch that cleans up the API, and removes that bogus assertion.

Thanks!

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.