* [PATCH] ceph: fix three bugs, two in ceph_vxattrcb_file_layout()
From: Alex Elder @ 2012-03-12 22:42 UTC
  To: ceph-devel

In ceph_vxattrcb_file_layout(), there is a check to determine
whether a preferred PG should be formatted into the output buffer.
That check assumes that a preferred PG number of 0 indicates "no
preference," but that is wrong.  No preference is indicated by a
negative (specifically, -1) PG number.

In addition, if that condition yields true, the preferred value
is formatted into a sized buffer, but the size consumed by the
earlier snprintf() call is not accounted for, opening up the
possibility of a buffer overrun.

Finally, in ceph_vxattrcb_dir_rctime() the nanoseconds part of
the time displayed did not include leading 0's, which led to
erroneous (sub-second portion of) time values being shown.

This fixes these three issues:
     http://tracker.newdream.net/issues/2155
     http://tracker.newdream.net/issues/2156
     http://tracker.newdream.net/issues/2157

Signed-off-by: Alex Elder <elder@dreamhost.com>
---
  fs/ceph/xattr.c |   11 ++++++++---
  1 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c
index 18df51e..715cfc6 100644
--- a/fs/ceph/xattr.c
+++ b/fs/ceph/xattr.c
@@ -79,7 +79,7 @@ static size_t ceph_vxattrcb_dir_rbytes(struct 
ceph_inode_info *ci, char *val,
  static size_t ceph_vxattrcb_dir_rctime(struct ceph_inode_info *ci, 
char *val,
  				       size_t size)
  {
-	return snprintf(val, size, "%ld.%ld", (long)ci->i_rctime.tv_sec,
+	return snprintf(val, size, "%ld.09%ld", (long)ci->i_rctime.tv_sec,
  			(long)ci->i_rctime.tv_nsec);
  }
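
Review bot: In the new format string in ceph_vxattrcb_dir_rctime(), the width is on the wrong side of the percent sign. "%ld.09%ld" prints a literal "09" followed by the unpadded tv_nsec, so the sub-second part is still wrong (a tv_nsec of 5 comes out as ".095"). The zero-padded form is "%ld.%09ld".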

@@ -118,10 +118,15 @@ static size_t ceph_vxattrcb_file_layout(struct 
ceph_inode_info *ci, char *val,
  		(unsigned long long)ceph_file_layout_su(ci->i_layout),
  		(unsigned long long)ceph_file_layout_stripe_count(ci->i_layout),
  		(unsigned long long)ceph_file_layout_object_size(ci->i_layout));
-	if (ceph_file_layout_pg_preferred(ci->i_layout))
-		ret += snprintf(val + ret, size, "preferred_osd=%lld\n",
+
+	if (ceph_file_layout_pg_preferred(ci->i_layout) >= 0) {
+		val += ret;
+		size -= ret;
+		ret += snprintf(val, size, "preferred_osd=%lld\n",
  			    (unsigned long long)ceph_file_layout_pg_preferred(
  				    ci->i_layout));
+	}
+
  	return ret;
  }
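
Review bot: The added "size -= ret;" assumes the first snprintf() fit in the buffer. snprintf() returns the length the output would have had, not the number of bytes stored, so when the first call truncates, ret is at least size: "val += ret;" then points at or past the end of the buffer, and with an unsigned size (the callback above takes "size_t size") the subtraction wraps to a very large bound for the second snprintf(). Guard the append with a check that ret < size, so the overrun this hunk is meant to close stays closed on the truncation path too.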

-- 
1.7.5.4



* Re: [PATCH] ceph: fix three bugs, two in ceph_vxattrcb_file_layout()
From: Sage Weil @ 2012-03-13  5:39 UTC
  To: Alex Elder; +Cc: ceph-devel

Reviewed-by: Sage Weil <sage@newdream.net>

On Mon, 12 Mar 2012, Alex Elder wrote:

> In ceph_vxattrcb_file_layout(), there is a check to determine
> whether a preferred PG should be formatted into the output buffer.
> That check assumes that a preferred PG number of 0 indicates "no
> preference," but that is wrong.  No preference is indicated by a
> negative (specifically, -1) PG number.
> 
> In addition, if that condition yields true, the preferred value
> is formatted into a sized buffer, but the size consumed by the
> earlier snprintf() call is not accounted for, opening up the
> possibility of a buffer overrun.
> 
> Finally, in ceph_vxattrcb_dir_rctime() the nanoseconds part of
> the time displayed did not include leading 0's, which led to
> erroneous (sub-second portion of) time values being shown.
> 
> This fixes these three issues:
>     http://tracker.newdream.net/issues/2155
>     http://tracker.newdream.net/issues/2156
>     http://tracker.newdream.net/issues/2157
> 
> Signed-off-by: Alex Elder <elder@dreamhost.com>
> ---
>  fs/ceph/xattr.c |   11 ++++++++---
>  1 files changed, 8 insertions(+), 3 deletions(-)
> 
> diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c
> index 18df51e..715cfc6 100644
> --- a/fs/ceph/xattr.c
> +++ b/fs/ceph/xattr.c
> @@ -79,7 +79,7 @@ static size_t ceph_vxattrcb_dir_rbytes(struct
> ceph_inode_info *ci, char *val,
>  static size_t ceph_vxattrcb_dir_rctime(struct ceph_inode_info *ci, char *val,
>  				       size_t size)
>  {
> -	return snprintf(val, size, "%ld.%ld", (long)ci->i_rctime.tv_sec,
> +	return snprintf(val, size, "%ld.09%ld", (long)ci->i_rctime.tv_sec,
>  			(long)ci->i_rctime.tv_nsec);
>  }
> 
> @@ -118,10 +118,15 @@ static size_t ceph_vxattrcb_file_layout(struct
> ceph_inode_info *ci, char *val,
>  		(unsigned long long)ceph_file_layout_su(ci->i_layout),
>  		(unsigned long
> long)ceph_file_layout_stripe_count(ci->i_layout),
>  		(unsigned long
> long)ceph_file_layout_object_size(ci->i_layout));
> -	if (ceph_file_layout_pg_preferred(ci->i_layout))
> -		ret += snprintf(val + ret, size, "preferred_osd=%lld\n",
> +
> +	if (ceph_file_layout_pg_preferred(ci->i_layout) >= 0) {
> +		val += ret;
> +		size -= ret;
> +		ret += snprintf(val, size, "preferred_osd=%lld\n",
>  			    (unsigned long long)ceph_file_layout_pg_preferred(
>  				    ci->i_layout));
> +	}
> +
>  	return ret;
>  }
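
Review bot: The new condition treats the preferred PG as signed (">= 0"), but the argument two lines below it is still cast to (unsigned long long) and printed with %lld, so the cast and the conversion disagree. Cast to (long long) to match %lld, and confirm that ceph_file_layout_pg_preferred() yields a signed type, because on an unsigned one ">= 0" is always true and the -1 "no preference" case would still be printed.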
> 
> -- 
> 1.7.5.4