* [PATCH 0/3] rbd: a few small cleanups
@ 2012-08-06 18:01 Alex Elder
2012-08-06 18:03 ` [PATCH 1/3] rbd: make snap_names_len a u64 Alex Elder
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: Alex Elder @ 2012-08-06 18:01 UTC (permalink / raw)
To: ceph-devel@vger.kernel.org
This is a small series of cleanups to rbd code.
[PATCH 1/3] rbd: make snap_names_len a u64
[PATCH 2/3] rbd: ensure invalid pointers are made null
[PATCH 3/e] rbd: use sizeof (object) instead of sizeof (type)
-Alex
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 1/3] rbd: make snap_names_len a u64
2012-08-06 18:01 [PATCH 0/3] rbd: a few small cleanups Alex Elder
@ 2012-08-06 18:03 ` Alex Elder
2012-08-06 18:03 ` [PATCH 2/3] rbd: ensure invalid pointers are made null Alex Elder
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Alex Elder @ 2012-08-06 18:03 UTC (permalink / raw)
To: ceph-devel@vger.kernel.org
The snap_names_len field of an rbd_image_header structure is defined
with type size_t. That field is used as both the source and target
of 64-bit byte-order swapping operations though, so it's best to
define it with type u64 instead.
Signed-off-by: Alex Elder <elder@inktank.com>
---
drivers/block/rbd.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Index: b/drivers/block/rbd.c
===================================================================
--- a/drivers/block/rbd.c
+++ b/drivers/block/rbd.c
@@ -81,7 +81,7 @@ struct rbd_image_header {
__u8 crypt_type;
__u8 comp_type;
struct ceph_snap_context *snapc;
- size_t snap_names_len;
+ u64 snap_names_len;
u32 total_snaps;
char *snap_names;
@@ -511,6 +511,7 @@ static int rbd_header_from_disk(struct r
if (snap_count) {
header->snap_names_len = le64_to_cpu(ondisk->snap_names_len);
+ BUG_ON(header->snap_names_len > (u64) SIZE_MAX);
header->snap_names = kmalloc(header->snap_names_len,
GFP_KERNEL);
if (!header->snap_names)
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 2/3] rbd: ensure invalid pointers are made null
2012-08-06 18:01 [PATCH 0/3] rbd: a few small cleanups Alex Elder
2012-08-06 18:03 ` [PATCH 1/3] rbd: make snap_names_len a u64 Alex Elder
@ 2012-08-06 18:03 ` Alex Elder
2012-08-06 18:03 ` [PATCH 3/3] rbd: use sizeof (object) instead of sizeof (type) Alex Elder
2012-08-07 23:28 ` [PATCH 0/3] rbd: a few small cleanups Josh Durgin
3 siblings, 0 replies; 5+ messages in thread
From: Alex Elder @ 2012-08-06 18:03 UTC (permalink / raw)
To: ceph-devel@vger.kernel.org
Fix a number of spots where a pointer value that is known to
have become invalid but was not reset to null.
Also, toss in a change so we use sizeof (object) rather than
sizeof (type).
Signed-off-by: Alex Elder <elder@inktank.com>
---
drivers/block/rbd.c | 10 ++++++++++
1 file changed, 10 insertions(+)
Index: b/drivers/block/rbd.c
===================================================================
--- a/drivers/block/rbd.c
+++ b/drivers/block/rbd.c
@@ -569,6 +569,7 @@ err_sizes:
err_names:
kfree(header->snap_names);
header->snap_names = NULL;
+ header->snap_names_len = 0;
err_snapc:
kfree(header->snapc);
header->snapc = NULL;
@@ -632,9 +633,14 @@ done:
static void rbd_header_free(struct rbd_image_header *header)
{
kfree(header->object_prefix);
+ header->object_prefix = NULL;
kfree(header->snap_sizes);
+ header->snap_sizes = NULL;
kfree(header->snap_names);
+ header->snap_names = NULL;
+ header->snap_names_len = 0;
ceph_put_snap_context(header->snapc);
+ header->snapc = NULL;
}
/*
@@ -2444,7 +2450,10 @@ static int rbd_add_parse_args(struct rbd
out_err:
kfree(rbd_dev->header_name);
+ rbd_dev->header_name = NULL;
kfree(rbd_dev->image_name);
+ rbd_dev->image_name = NULL;
+ rbd_dev->image_name_len = 0;
kfree(rbd_dev->pool_name);
rbd_dev->pool_name = NULL;
@@ -2496,6 +2505,7 @@ static ssize_t rbd_add(struct bus_type *
options);
if (IS_ERR(rbd_dev->rbd_client)) {
rc = PTR_ERR(rbd_dev->rbd_client);
+ rbd_dev->rbd_client = NULL;
goto err_put_id;
}
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 3/3] rbd: use sizeof (object) instead of sizeof (type)
2012-08-06 18:01 [PATCH 0/3] rbd: a few small cleanups Alex Elder
2012-08-06 18:03 ` [PATCH 1/3] rbd: make snap_names_len a u64 Alex Elder
2012-08-06 18:03 ` [PATCH 2/3] rbd: ensure invalid pointers are made null Alex Elder
@ 2012-08-06 18:03 ` Alex Elder
2012-08-07 23:28 ` [PATCH 0/3] rbd: a few small cleanups Josh Durgin
3 siblings, 0 replies; 5+ messages in thread
From: Alex Elder @ 2012-08-06 18:03 UTC (permalink / raw)
To: ceph-devel@vger.kernel.org
Fix a few spots in rbd_header_from_disk() to use sizeof (object)
rather than sizeof (type). Use a local variable to record sizes
to shorten some lines and improve readability.
Signed-off-by: Alex Elder <elder@inktank.com>
---
drivers/block/rbd.c | 28 +++++++++++++++-------------
1 file changed, 15 insertions(+), 13 deletions(-)
Index: b/drivers/block/rbd.c
===================================================================
--- a/drivers/block/rbd.c
+++ b/drivers/block/rbd.c
@@ -495,17 +495,21 @@ static int rbd_header_from_disk(struct r
u32 allocated_snaps)
{
u32 snap_count;
+ size_t size;
if (!rbd_dev_ondisk_valid(ondisk))
return -ENXIO;
snap_count = le32_to_cpu(ondisk->snap_count);
- if (snap_count > (SIZE_MAX - sizeof(struct ceph_snap_context))
- / sizeof (u64))
+
+ /* Make sure we don't overflow below */
+ size = SIZE_MAX - sizeof (struct ceph_snap_context);
+ if (snap_count > size / sizeof (header->snapc->snaps[0]))
return -EINVAL;
- header->snapc = kmalloc(sizeof(struct ceph_snap_context) +
- snap_count * sizeof(u64),
- GFP_KERNEL);
+
+ size = sizeof (struct ceph_snap_context);
+ size += snap_count * sizeof (header->snapc->snaps[0]);
+ header->snapc = kmalloc(size, GFP_KERNEL);
if (!header->snapc)
return -ENOMEM;
@@ -516,8 +520,8 @@ static int rbd_header_from_disk(struct r
GFP_KERNEL);
if (!header->snap_names)
goto err_snapc;
- header->snap_sizes = kmalloc(snap_count * sizeof(u64),
- GFP_KERNEL);
+ size = snap_count * sizeof (*header->snap_sizes);
+ header->snap_sizes = kmalloc(size, GFP_KERNEL);
if (!header->snap_sizes)
goto err_names;
} else {
@@ -527,14 +531,12 @@ static int rbd_header_from_disk(struct r
header->snap_sizes = NULL;
}
- header->object_prefix = kmalloc(sizeof (ondisk->block_name) + 1,
- GFP_KERNEL);
+ size = sizeof (ondisk->block_name) + 1;
+ header->object_prefix = kmalloc(size, GFP_KERNEL);
if (!header->object_prefix)
goto err_sizes;
-
- memcpy(header->object_prefix, ondisk->block_name,
- sizeof(ondisk->block_name));
- header->object_prefix[sizeof (ondisk->block_name)] = '\0';
+ memcpy(header->object_prefix, ondisk->block_name, size - 1);
+ header->object_prefix[size - 1] = '\0';
header->image_size = le64_to_cpu(ondisk->image_size);
header->obj_order = ondisk->options.order;
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH 0/3] rbd: a few small cleanups
2012-08-06 18:01 [PATCH 0/3] rbd: a few small cleanups Alex Elder
` (2 preceding siblings ...)
2012-08-06 18:03 ` [PATCH 3/3] rbd: use sizeof (object) instead of sizeof (type) Alex Elder
@ 2012-08-07 23:28 ` Josh Durgin
3 siblings, 0 replies; 5+ messages in thread
From: Josh Durgin @ 2012-08-07 23:28 UTC (permalink / raw)
To: Alex Elder; +Cc: ceph-devel@vger.kernel.org
On 08/06/2012 11:01 AM, Alex Elder wrote:
> This is a small series of cleanups to rbd code.
>
> [PATCH 1/3] rbd: make snap_names_len a u64
> [PATCH 2/3] rbd: ensure invalid pointers are made null
> [PATCH 3/e] rbd: use sizeof (object) instead of sizeof (type)
>
> -Alex
This series looks good.
Reviewed-by: Josh Durgin <josh.durgin@inktank.com>
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2012-08-07 23:28 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-08-06 18:01 [PATCH 0/3] rbd: a few small cleanups Alex Elder
2012-08-06 18:03 ` [PATCH 1/3] rbd: make snap_names_len a u64 Alex Elder
2012-08-06 18:03 ` [PATCH 2/3] rbd: ensure invalid pointers are made null Alex Elder
2012-08-06 18:03 ` [PATCH 3/3] rbd: use sizeof (object) instead of sizeof (type) Alex Elder
2012-08-07 23:28 ` [PATCH 0/3] rbd: a few small cleanups Josh Durgin
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.