From: Alex Elder <elder@inktank.com>
To: ceph-devel@vger.kernel.org
Subject: [PATCH 11/16] ceph: ensure auth ops are defined before use
Date: Thu, 17 May 2012 09:05:02 -0500 [thread overview]
Message-ID: <4FB5058E.4020800@inktank.com> (raw)
In-Reply-To: <4FB50329.7010206@inktank.com>
In the create_authorizer method for both the mds and osd clients,
the auth_client->ops pointer is blindly dereferenced. There is no
obvious guarantee that this pointer has been assigned. And
furthermore, even if the ops pointer is non-null there is definitely
no guarantee that the create_authorizer or destroy_authorizer
methods are defined.
Add checks in both routines to make sure they are defined (non-null)
before use. Add similar checks in a few other spots in these files
while we're at it.
Signed-off-by: Alex Elder <elder@inktank.com>
Reviewed-by: Sage Weil <sage@inktank.com>
---
fs/ceph/mds_client.c | 14 ++++++--------
net/ceph/osd_client.c | 15 ++++++++++-----
2 files changed, 16 insertions(+), 13 deletions(-)
diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c
index b71ffd2..4622817 100644
--- a/fs/ceph/mds_client.c
+++ b/fs/ceph/mds_client.c
@@ -3406,16 +3406,14 @@ static int get_authorizer(struct ceph_connection
*con,
int ret = 0;
if (force_new && auth->authorizer) {
- ac->ops->destroy_authorizer(ac, auth->authorizer);
+ if (ac->ops && ac->ops->destroy_authorizer)
+ ac->ops->destroy_authorizer(ac, auth->authorizer);
auth->authorizer = NULL;
}
- if (auth->authorizer == NULL) {
- if (ac->ops->create_authorizer) {
- ret = ac->ops->create_authorizer(ac,
- CEPH_ENTITY_TYPE_MDS, auth);
- if (ret)
- return ret;
- }
+ if (!auth->authorizer && ac->ops && ac->ops->create_authorizer) {
+ ret = ac->ops->create_authorizer(ac, CEPH_ENTITY_TYPE_MDS, auth);
+ if (ret)
+ return ret;
}
*proto = ac->protocol;
diff --git a/net/ceph/osd_client.c b/net/ceph/osd_client.c
index 2da4b9e..f640bdf 100644
--- a/net/ceph/osd_client.c
+++ b/net/ceph/osd_client.c
@@ -664,10 +664,10 @@ static void put_osd(struct ceph_osd *osd)
{
dout("put_osd %p %d -> %d\n", osd, atomic_read(&osd->o_ref),
atomic_read(&osd->o_ref) - 1);
- if (atomic_dec_and_test(&osd->o_ref)) {
+ if (atomic_dec_and_test(&osd->o_ref) && osd->o_auth.authorizer) {
struct ceph_auth_client *ac = osd->o_osdc->client->monc.auth;
- if (osd->o_auth.authorizer)
+ if (ac->ops && ac->ops->destroy_authorizer)
ac->ops->destroy_authorizer(ac, osd->o_auth.authorizer);
kfree(osd);
}
@@ -2119,10 +2119,11 @@ static int get_authorizer(struct ceph_connection
*con,
int ret = 0;
if (force_new && auth->authorizer) {
- ac->ops->destroy_authorizer(ac, auth->authorizer);
+ if (ac->ops && ac->ops->destroy_authorizer)
+ ac->ops->destroy_authorizer(ac, auth->authorizer);
auth->authorizer = NULL;
}
- if (auth->authorizer == NULL) {
+ if (!auth->authorizer && ac->ops && ac->ops->create_authorizer) {
ret = ac->ops->create_authorizer(ac, CEPH_ENTITY_TYPE_OSD, auth);
if (ret)
return ret;
@@ -2144,6 +2145,10 @@ static int verify_authorizer_reply(struct
ceph_connection *con, int len)
struct ceph_osd_client *osdc = o->o_osdc;
struct ceph_auth_client *ac = osdc->client->monc.auth;
+ /*
+ * XXX If ac->ops or ac->ops->verify_authorizer_reply is null,
+ * XXX which do we do: succeed or fail?
+ */
return ac->ops->verify_authorizer_reply(ac, o->o_auth.authorizer, len);
}
@@ -2153,7 +2158,7 @@ static int invalidate_authorizer(struct
ceph_connection *con)
struct ceph_osd_client *osdc = o->o_osdc;
struct ceph_auth_client *ac = osdc->client->monc.auth;
- if (ac->ops->invalidate_authorizer)
+ if (ac->ops && ac->ops->invalidate_authorizer)
ac->ops->invalidate_authorizer(ac, CEPH_ENTITY_TYPE_OSD);
return ceph_monc_validate_auth(&osdc->client->monc);
--
1.7.5.4
next prev parent reply other threads:[~2012-05-17 14:04 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-17 13:54 [PATCH 00/16] ceph: messenger cleanups and fixes Alex Elder
2012-05-17 14:03 ` [PATCH 01/16] libceph: don't reset kvec in prepare_write_banner() Alex Elder
2012-05-17 14:04 ` [PATCH 02/16] ceph: messenger: reset connection kvec caller Alex Elder
2012-05-17 14:04 ` [PATCH 03/16] ceph: messenger: send banner in process_connect() Alex Elder
2012-05-17 14:04 ` [PATCH 04/16] ceph: drop msgr argument from prepare_write_connect() Alex Elder
2012-05-17 14:04 ` [PATCH 05/16] ceph: don't set WRITE_PENDING too early Alex Elder
2012-05-17 14:04 ` [PATCH 06/16] ceph: messenger: check prepare_write_connect() result Alex Elder
2012-05-17 14:04 ` [PATCH 07/16] ceph: messenger: rework prepare_connect_authorizer() Alex Elder
2012-05-17 14:04 ` [PATCH 08/16] ceph: messenger: check return from get_authorizer Alex Elder
2012-05-17 14:04 ` [PATCH 09/16] ceph: define ceph_auth_handshake type Alex Elder
2012-05-17 14:04 ` [PATCH 10/16] ceph: messenger: reduce args to create_authorizer Alex Elder
2012-05-17 14:05 ` Alex Elder [this message]
2012-05-17 14:05 ` [PATCH 12/16] ceph: have get_authorizer methods return pointers Alex Elder
2012-05-17 14:05 ` [PATCH 13/16] ceph: use info returned by get_authorizer Alex Elder
2012-05-17 14:05 ` [PATCH 14/16] ceph: return pointer from prepare_connect_authorizer() Alex Elder
2012-05-17 14:05 ` [PATCH 15/16] ceph: rename prepare_connect_authorizer() Alex Elder
2012-05-17 14:05 ` [PATCH 16/16] ceph: add auth buf in prepare_write_connect() Alex Elder
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4FB5058E.4020800@inktank.com \
--to=elder@inktank.com \
--cc=ceph-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.