[patch] ceph: divide by zero bug in __validate

kernel-janitors.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [patch] ceph: divide by zero bug in __validate_layout()
@ 2012-08-18 15:56 Dan Carpenter
  2012-08-20 22:33 ` Sage Weil
  0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2012-08-18 15:56 UTC (permalink / raw)
  To: Sage Weil; +Cc: ceph-devel, kernel-janitors

If "l->stripe_unit" is zero the the mod on the next line will cause a
divide by zero bug.  This comes from the copy_from_user() in
ceph_ioctl_set_layout_policy()

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

diff --git a/fs/ceph/ioctl.c b/fs/ceph/ioctl.c
index 8e3fb69..81ec22b 100644
--- a/fs/ceph/ioctl.c
+++ b/fs/ceph/ioctl.c
@@ -42,6 +42,7 @@ static long __validate_layout(struct ceph_mds_client *mdsc,
 	/* validate striping parameters */
 	if ((l->object_size & ~PAGE_MASK) ||
 	    (l->stripe_unit & ~PAGE_MASK) ||
+	    (l->stripe_unit = 0) ||
 	    ((unsigned)l->object_size % (unsigned)l->stripe_unit))
 		return -EINVAL;
 

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [patch] ceph: divide by zero bug in __validate_layout()
  2012-08-18 15:56 [patch] ceph: divide by zero bug in __validate_layout() Dan Carpenter
@ 2012-08-20 22:33 ` Sage Weil
  0 siblings, 0 replies; 2+ messages in thread
From: Sage Weil @ 2012-08-20 22:33 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: ceph-devel, kernel-janitors

Hi Dan,

I've applied a slightly different fix to the ceph tree that just skips the 
mod if stripe_unit is 0 but doesn't return EINVAL, since passing 0 is 
valid (it means 'do not change').

Thanks!
sage


On Sat, 18 Aug 2012, Dan Carpenter wrote:

> If "l->stripe_unit" is zero the the mod on the next line will cause a
> divide by zero bug.  This comes from the copy_from_user() in
> ceph_ioctl_set_layout_policy()
> 
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> 
> diff --git a/fs/ceph/ioctl.c b/fs/ceph/ioctl.c
> index 8e3fb69..81ec22b 100644
> --- a/fs/ceph/ioctl.c
> +++ b/fs/ceph/ioctl.c
> @@ -42,6 +42,7 @@ static long __validate_layout(struct ceph_mds_client *mdsc,
>  	/* validate striping parameters */
>  	if ((l->object_size & ~PAGE_MASK) ||
>  	    (l->stripe_unit & ~PAGE_MASK) ||
> +	    (l->stripe_unit = 0) ||
>  	    ((unsigned)l->object_size % (unsigned)l->stripe_unit))
>  		return -EINVAL;
>  
> --
> To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 
> 

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2012-08-20 22:33 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-08-18 15:56 [patch] ceph: divide by zero bug in __validate_layout() Dan Carpenter
2012-08-20 22:33 ` Sage Weil

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).