[ 13/24] libceph: check for invalid mapping

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	alan@lxorguk.ukuu.org.uk, Sage Weil <sage@inktank.com>,
	Alex Elder <elder@inktank.com>
Subject: [ 13/24] libceph: check for invalid mapping
Date: Fri,  2 Nov 2012 10:07:01 -0700	[thread overview]
Message-ID: <20121102170248.373543982@linuxfoundation.org> (raw)
In-Reply-To: <20121102170247.406319110@linuxfoundation.org>

3.6-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Sage Weil <sage@inktank.com>

commit d63b77f4c552cc3a20506871046ab0fcbc332609 upstream.

If we encounter an invalid (e.g., zeroed) mapping, return an error
and avoid a divide by zero.

Signed-off-by: Sage Weil <sage@inktank.com>
Reviewed-by: Alex Elder <elder@inktank.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 include/linux/ceph/osd_client.h |    2 +-
 include/linux/ceph/osdmap.h     |    6 +++---
 net/ceph/osd_client.c           |   32 ++++++++++++++++++++------------
 net/ceph/osdmap.c               |   18 ++++++++++++++++--
 4 files changed, 40 insertions(+), 18 deletions(-)

--- a/include/linux/ceph/osd_client.h
+++ b/include/linux/ceph/osd_client.h
@@ -207,7 +207,7 @@ extern void ceph_osdc_handle_reply(struc
 extern void ceph_osdc_handle_map(struct ceph_osd_client *osdc,
 				 struct ceph_msg *msg);
 
-extern void ceph_calc_raw_layout(struct ceph_osd_client *osdc,
+extern int ceph_calc_raw_layout(struct ceph_osd_client *osdc,
 			struct ceph_file_layout *layout,
 			u64 snapid,
 			u64 off, u64 *plen, u64 *bno,
--- a/include/linux/ceph/osdmap.h
+++ b/include/linux/ceph/osdmap.h
@@ -109,9 +109,9 @@ extern struct ceph_osdmap *osdmap_apply_
 extern void ceph_osdmap_destroy(struct ceph_osdmap *map);
 
 /* calculate mapping of a file extent to an object */
-extern void ceph_calc_file_object_mapping(struct ceph_file_layout *layout,
-					  u64 off, u64 *plen,
-					  u64 *bno, u64 *oxoff, u64 *oxlen);
+extern int ceph_calc_file_object_mapping(struct ceph_file_layout *layout,
+					 u64 off, u64 *plen,
+					 u64 *bno, u64 *oxoff, u64 *oxlen);
 
 /* calculate mapping of object to a placement group */
 extern int ceph_calc_object_layout(struct ceph_object_layout *ol,
--- a/net/ceph/osd_client.c
+++ b/net/ceph/osd_client.c
@@ -52,7 +52,7 @@ static int op_has_extent(int op)
 		op == CEPH_OSD_OP_WRITE);
 }
 
-void ceph_calc_raw_layout(struct ceph_osd_client *osdc,
+int ceph_calc_raw_layout(struct ceph_osd_client *osdc,
 			struct ceph_file_layout *layout,
 			u64 snapid,
 			u64 off, u64 *plen, u64 *bno,
@@ -62,12 +62,15 @@ void ceph_calc_raw_layout(struct ceph_os
 	struct ceph_osd_request_head *reqhead = req->r_request->front.iov_base;
 	u64 orig_len = *plen;
 	u64 objoff, objlen;    /* extent in object */
+	int r;
 
 	reqhead->snapid = cpu_to_le64(snapid);
 
 	/* object extent? */
-	ceph_calc_file_object_mapping(layout, off, plen, bno,
-				      &objoff, &objlen);
+	r = ceph_calc_file_object_mapping(layout, off, plen, bno,
+					  &objoff, &objlen);
+	if (r < 0)
+		return r;
 	if (*plen < orig_len)
 		dout(" skipping last %llu, final file extent %llu~%llu\n",
 		     orig_len - *plen, off, *plen);
@@ -83,7 +86,7 @@ void ceph_calc_raw_layout(struct ceph_os
 
 	dout("calc_layout bno=%llx %llu~%llu (%d pages)\n",
 	     *bno, objoff, objlen, req->r_num_pages);
-
+	return 0;
 }
 EXPORT_SYMBOL(ceph_calc_raw_layout);
 
@@ -112,20 +115,25 @@ EXPORT_SYMBOL(ceph_calc_raw_layout);
  *
  * fill osd op in request message.
  */
-static void calc_layout(struct ceph_osd_client *osdc,
-			struct ceph_vino vino,
-			struct ceph_file_layout *layout,
-			u64 off, u64 *plen,
-			struct ceph_osd_request *req,
-			struct ceph_osd_req_op *op)
+static int calc_layout(struct ceph_osd_client *osdc,
+		       struct ceph_vino vino,
+		       struct ceph_file_layout *layout,
+		       u64 off, u64 *plen,
+		       struct ceph_osd_request *req,
+		       struct ceph_osd_req_op *op)
 {
 	u64 bno;
+	int r;
 
-	ceph_calc_raw_layout(osdc, layout, vino.snap, off,
-			     plen, &bno, req, op);
+	r = ceph_calc_raw_layout(osdc, layout, vino.snap, off,
+				 plen, &bno, req, op);
+	if (r < 0)
+		return r;
 
 	snprintf(req->r_oid, sizeof(req->r_oid), "%llx.%08llx", vino.ino, bno);
 	req->r_oid_len = strlen(req->r_oid);
+
+	return r;
 }
 
 /*
--- a/net/ceph/osdmap.c
+++ b/net/ceph/osdmap.c
@@ -984,7 +984,7 @@ bad:
  * for now, we write only a single su, until we can
  * pass a stride back to the caller.
  */
-void ceph_calc_file_object_mapping(struct ceph_file_layout *layout,
+int ceph_calc_file_object_mapping(struct ceph_file_layout *layout,
 				   u64 off, u64 *plen,
 				   u64 *ono,
 				   u64 *oxoff, u64 *oxlen)
@@ -998,11 +998,17 @@ void ceph_calc_file_object_mapping(struc
 
 	dout("mapping %llu~%llu  osize %u fl_su %u\n", off, *plen,
 	     osize, su);
+	if (su == 0 || sc == 0)
+		goto invalid;
 	su_per_object = osize / su;
+	if (su_per_object == 0)
+		goto invalid;
 	dout("osize %u / su %u = su_per_object %u\n", osize, su,
 	     su_per_object);
 
-	BUG_ON((su & ~PAGE_MASK) != 0);
+	if ((su & ~PAGE_MASK) != 0)
+		goto invalid;
+
 	/* bl = *off / su; */
 	t = off;
 	do_div(t, su);
@@ -1030,6 +1036,14 @@ void ceph_calc_file_object_mapping(struc
 	*plen = *oxlen;
 
 	dout(" obj extent %llu~%llu\n", *oxoff, *oxlen);
+	return 0;
+
+invalid:
+	dout(" invalid layout\n");
+	*ono = 0;
+	*oxoff = 0;
+	*oxlen = 0;
+	return -EINVAL;
 }
 EXPORT_SYMBOL(ceph_calc_file_object_mapping);

next prev parent reply	other threads:[~2012-11-02 17:07 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-11-02 17:06 [ 00/24] 3.6.6-stable review Greg Kroah-Hartman
2012-11-02 17:06 ` [ 01/24] ext4: fix unjournaled inode bitmap modification Greg Kroah-Hartman
2012-11-02 17:06 ` [ 02/24] blkcg: Fix use-after-free of q->root_blkg and q->root_rl.blkg Greg Kroah-Hartman
2012-11-02 17:06 ` [ 03/24] gpio-timberdale: fix a potential wrapping issue Greg Kroah-Hartman
2012-11-02 17:06 ` [ 04/24] gpiolib: Dont return -EPROBE_DEFER to sysfs, or for invalid gpios Greg Kroah-Hartman
2012-11-02 17:06 ` [ 05/24] md/raid1: Fix assembling of arrays containing Replacements Greg Kroah-Hartman
2012-11-02 17:06 ` [ 06/24] floppy: dont call alloc_ordered_workqueue inside the alloc_disk loop Greg Kroah-Hartman
2012-11-02 17:06 ` [ 07/24] floppy: do put_disk on current dr if blk_init_queue fails Greg Kroah-Hartman
2012-11-02 17:06 ` [ 08/24] floppy: properly handle failure on add_disk loop Greg Kroah-Hartman
2012-11-02 17:06 ` [ 09/24] rbd: reset BACKOFF if unable to re-queue Greg Kroah-Hartman
2012-11-02 17:06 ` [ 10/24] libceph: avoid NULL kref_put when osd reset races with alloc_msg Greg Kroah-Hartman
2012-11-02 17:06 ` [ 11/24] ceph: fix dentry reference leak in encode_fh() Greg Kroah-Hartman
2012-11-02 17:07 ` [ 12/24] ceph: Fix oops when handling mdsmap that decreases max_mds Greg Kroah-Hartman
2012-11-02 17:07 ` Greg Kroah-Hartman [this message]
2012-11-02 17:07 ` [ 14/24] ceph: avoid 32-bit page index overflow Greg Kroah-Hartman
2012-11-02 17:07 ` [ 15/24] USB: mos7840: fix port-data memory leak Greg Kroah-Hartman
2012-11-02 17:07 ` [ 16/24] USB: iuu_phoenix: fix backported patches Greg Kroah-Hartman
2012-11-02 17:07 ` [ 17/24] USB: io_edgeport: remove unused variable Greg Kroah-Hartman
2012-11-02 17:07 ` [ 18/24] qla2xxx: Update target lookup session tables when a target session changes Greg Kroah-Hartman
2012-11-02 17:07 ` [ 19/24] target: reintroduce some obsolete SCSI-2 commands Greg Kroah-Hartman
2012-11-02 17:07 ` [ 20/24] target: Fix double-free of se_cmd in target_complete_tmr_failure Greg Kroah-Hartman
2012-11-02 17:07 ` [ 21/24] HID: microsoft: fix invalid rdesc for 3k kbd Greg Kroah-Hartman
2012-11-02 17:07 ` [ 22/24] drm/nouveau: silence modesetting spam on pre-gf8 chipsets Greg Kroah-Hartman
2012-11-02 17:07 ` [ 23/24] drm/nouveau: fix suspend/resume when in headless mode Greg Kroah-Hartman
2012-11-02 17:07 ` [ 24/24] drm/nouveau: headless mode by default if pci class != vga display Greg Kroah-Hartman
2012-11-05  7:37 ` [ 00/24] 3.6.6-stable review Zhi Yong Wu
2012-11-05  7:41   ` Greg Kroah-Hartman
2012-11-05  7:46     ` Zhi Yong Wu
2012-11-05  8:19       ` Willy Tarreau

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20121102170248.373543982@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=alan@lxorguk.ukuu.org.uk \
    --cc=elder@inktank.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=sage@inktank.com \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.