From: Josh Durgin <josh.durgin@inktank.com>
To: Alex Elder <elder@inktank.com>
Cc: "ceph-devel@vger.kernel.org" <ceph-devel@vger.kernel.org>
Subject: Re: [PATCH, v2] libceph: skip message if too big to receive
Date: Mon, 08 Apr 2013 17:36:55 -0700
Message-ID: <516362A7.4050600@inktank.com>
In-Reply-To: <5160889E.6080600@inktank.com>

Assuming we'll come back and clean this up soon:

Reviewed-by: Josh Durgin <josh.durgin@inktank.com>

On 04/06/2013 01:42 PM, Alex Elder wrote:
> I found a bug in this and am posting the following
> update. If a connection's alloc_msg() method sets
> the skip flag, it will return with con->in_msg being
> a null pointer. The original version of this would
> dereference that pointer without checking, which
> causes a crash. This version checks first.
>
> (This and the updated patches that follow it are
> available in the "review/wip-3761-4" branch of the
> ceph-client git repository.)
>
> -Alex
>
> We know the length of our message buffers. If we get a message
> that's too long, just dump it and ignore it. If skip was set
> then con->in_msg won't be valid, so be careful not to dereference
> a null pointer in the process.
>
> This resolves:
> http://tracker.ceph.com/issues/4664
>
> Signed-off-by: Alex Elder <elder@inktank.com>
> ---
> v2: make sure con->in_msg is valid before dereferencing it
>
> net/ceph/messenger.c | 10 +++++++++-
> 1 file changed, 9 insertions(+), 1 deletion(-)
>
> diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
> index 994192b..cb5b4e6 100644
> --- a/net/ceph/messenger.c
> +++ b/net/ceph/messenger.c
> @@ -2207,10 +2207,18 @@ static int read_partial_message(struct
> ceph_connection *con)
> ret = ceph_con_in_msg_alloc(con, &skip);
> if (ret < 0)
> return ret;
> +
> + BUG_ON(!con->in_msg ^ skip);
> + if (con->in_msg && data_len > con->in_msg->data_length) {
> + pr_warning("%s skipping long message (%u > %zd)\n",
> + __func__, data_len, con->in_msg->data_length);
> + ceph_msg_put(con->in_msg);
> + con->in_msg = NULL;
> + skip = 1;
> + }
> if (skip) {
> /* skip this message */
> dout("alloc_msg said skip message\n");
> - BUG_ON(con->in_msg);
> con->in_base_pos = -front_len - middle_len - data_len -
> sizeof(m->footer);
> con->in_tag = CEPH_MSGR_TAG_READY;
>
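
Review bot: The new BUG_ON(!con->in_msg ^ skip) combines a logical negation with a bitwise XOR, so it only means "exactly one of in_msg and skip is set" when skip is strictly 0 or 1; a NULL in_msg together with any other non-zero skip value would still trip the BUG. Writing it as BUG_ON(!con->in_msg != !!skip) makes the intent explicit and independent of what alloc_msg() stores in skip. In the length check that follows, the pr_warning() fires on a length supplied by the incoming message, so a peer that keeps sending oversized messages can flood the kernel log; a rate-limited print such as pr_warn_ratelimited() would be safer there. The %zd specifier is the signed form; if data_length is a size_t, %zu is the matching one.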