Skip to content

L
linux
Commit cd7d469c authored by Xiubo Li's avatar Xiubo Li Committed by Ilya Dryomov
Browse files
Options

libceph: fail sparse-read if the data length doesn't match 

Once this happens that means there have bugs.
Signed-off-by: default avatarXiubo Li <xiubli@redhat.com>
Reviewed-by: default avatarJeff Layton <jlayton@kernel.org>
Signed-off-by: default avatarIlya Dryomov <idryomov@gmail.com>
parent 54be6c6c
Hide whitespace changes
Inline Side-by-side
Showing with 17 additions and 4 deletions
include/linux/ceph/osd_client.h
View file @ cd7d469c
......@@ -45,6 +45,7 @@ enum ceph_sparse_read_state {
CEPH_SPARSE_READ_HDR = 0,
CEPH_SPARSE_READ_EXTENTS,
CEPH_SPARSE_READ_DATA_LEN,
CEPH_SPARSE_READ_DATA_PRE,
CEPH_SPARSE_READ_DATA,
};
......@@ -64,7 +65,7 @@ struct ceph_sparse_read {
u64 sr_req_len; /* orig request length */
u64 sr_pos; /* current pos in buffer */
int sr_index; /* current extent index */
__le32 sr_datalen; /* length of actual data */
u32 sr_datalen; /* length of actual data */
u32 sr_count; /* extent count in reply */
int sr_ext_len; /* length of extent array */
struct ceph_sparse_extent *sr_extent; /* extent array */
......
net/ceph/osd_client.c
View file @ cd7d469c
......@@ -5857,8 +5857,8 @@ static int osd_sparse_read(struct ceph_connection *con,
struct ceph_osd *o = con->private;
struct ceph_sparse_read *sr = &o->o_sparse_read;
u32 count = sr->sr_count;
u64 eoff, elen;
int ret;
u64 eoff, elen, len = 0;
int i, ret;
switch (sr->sr_state) {
case CEPH_SPARSE_READ_HDR:
......@@ -5903,8 +5903,20 @@ static int osd_sparse_read(struct ceph_connection *con,
convert_extent_map(sr);
ret = sizeof(sr->sr_datalen);
*pbuf = (char *)&sr->sr_datalen;
sr->sr_state = CEPH_SPARSE_READ_DATA;
sr->sr_state = CEPH_SPARSE_READ_DATA_PRE;
break;
case CEPH_SPARSE_READ_DATA_PRE:
/* Convert sr_datalen to host-endian */
sr->sr_datalen = le32_to_cpu((__force __le32)sr->sr_datalen);
for (i = 0; i < count; i++)
len += sr->sr_extent[i].len;
if (sr->sr_datalen != len) {
pr_warn_ratelimited("data len %u != extent len %llu\n",
sr->sr_datalen, len);
return -EREMOTEIO;
}
sr->sr_state = CEPH_SPARSE_READ_DATA;
fallthrough;
case CEPH_SPARSE_READ_DATA:
if (sr->sr_index >= count) {
sr->sr_state = CEPH_SPARSE_READ_HDR;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7