From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
alan@lxorguk.ukuu.org.uk, Sage Weil <sage@inktank.com>,
Alex Elder <elder@inktank.com>
Subject: [ 13/24] libceph: check for invalid mapping
Date: Fri, 2 Nov 2012 10:07:01 -0700 [thread overview]
Message-ID: <20121102170248.373543982@linuxfoundation.org> (raw)
In-Reply-To: <20121102170247.406319110@linuxfoundation.org>
3.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sage Weil <sage@inktank.com>
commit d63b77f4c552cc3a20506871046ab0fcbc332609 upstream.
If we encounter an invalid (e.g., zeroed) mapping, return an error
and avoid a divide by zero.
Signed-off-by: Sage Weil <sage@inktank.com>
Reviewed-by: Alex Elder <elder@inktank.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/ceph/osd_client.h | 2 +-
include/linux/ceph/osdmap.h | 6 +++---
net/ceph/osd_client.c | 32 ++++++++++++++++++++------------
net/ceph/osdmap.c | 18 ++++++++++++++++--
4 files changed, 40 insertions(+), 18 deletions(-)
--- a/include/linux/ceph/osd_client.h
+++ b/include/linux/ceph/osd_client.h
@@ -207,7 +207,7 @@ extern void ceph_osdc_handle_reply(struc
extern void ceph_osdc_handle_map(struct ceph_osd_client *osdc,
struct ceph_msg *msg);
-extern void ceph_calc_raw_layout(struct ceph_osd_client *osdc,
+extern int ceph_calc_raw_layout(struct ceph_osd_client *osdc,
struct ceph_file_layout *layout,
u64 snapid,
u64 off, u64 *plen, u64 *bno,
--- a/include/linux/ceph/osdmap.h
+++ b/include/linux/ceph/osdmap.h
@@ -109,9 +109,9 @@ extern struct ceph_osdmap *osdmap_apply_
extern void ceph_osdmap_destroy(struct ceph_osdmap *map);
/* calculate mapping of a file extent to an object */
-extern void ceph_calc_file_object_mapping(struct ceph_file_layout *layout,
- u64 off, u64 *plen,
- u64 *bno, u64 *oxoff, u64 *oxlen);
+extern int ceph_calc_file_object_mapping(struct ceph_file_layout *layout,
+ u64 off, u64 *plen,
+ u64 *bno, u64 *oxoff, u64 *oxlen);
/* calculate mapping of object to a placement group */
extern int ceph_calc_object_layout(struct ceph_object_layout *ol,
--- a/net/ceph/osd_client.c
+++ b/net/ceph/osd_client.c
@@ -52,7 +52,7 @@ static int op_has_extent(int op)
op == CEPH_OSD_OP_WRITE);
}
-void ceph_calc_raw_layout(struct ceph_osd_client *osdc,
+int ceph_calc_raw_layout(struct ceph_osd_client *osdc,
struct ceph_file_layout *layout,
u64 snapid,
u64 off, u64 *plen, u64 *bno,
@@ -62,12 +62,15 @@ void ceph_calc_raw_layout(struct ceph_os
struct ceph_osd_request_head *reqhead = req->r_request->front.iov_base;
u64 orig_len = *plen;
u64 objoff, objlen; /* extent in object */
+ int r;
reqhead->snapid = cpu_to_le64(snapid);
/* object extent? */
- ceph_calc_file_object_mapping(layout, off, plen, bno,
- &objoff, &objlen);
+ r = ceph_calc_file_object_mapping(layout, off, plen, bno,
+ &objoff, &objlen);
+ if (r < 0)
+ return r;
if (*plen < orig_len)
dout(" skipping last %llu, final file extent %llu~%llu\n",
orig_len - *plen, off, *plen);
@@ -83,7 +86,7 @@ void ceph_calc_raw_layout(struct ceph_os
dout("calc_layout bno=%llx %llu~%llu (%d pages)\n",
*bno, objoff, objlen, req->r_num_pages);
-
+ return 0;
}
EXPORT_SYMBOL(ceph_calc_raw_layout);
@@ -112,20 +115,25 @@ EXPORT_SYMBOL(ceph_calc_raw_layout);
*
* fill osd op in request message.
*/
-static void calc_layout(struct ceph_osd_client *osdc,
- struct ceph_vino vino,
- struct ceph_file_layout *layout,
- u64 off, u64 *plen,
- struct ceph_osd_request *req,
- struct ceph_osd_req_op *op)
+static int calc_layout(struct ceph_osd_client *osdc,
+ struct ceph_vino vino,
+ struct ceph_file_layout *layout,
+ u64 off, u64 *plen,
+ struct ceph_osd_request *req,
+ struct ceph_osd_req_op *op)
{
u64 bno;
+ int r;
- ceph_calc_raw_layout(osdc, layout, vino.snap, off,
- plen, &bno, req, op);
+ r = ceph_calc_raw_layout(osdc, layout, vino.snap, off,
+ plen, &bno, req, op);
+ if (r < 0)
+ return r;
snprintf(req->r_oid, sizeof(req->r_oid), "%llx.%08llx", vino.ino, bno);
req->r_oid_len = strlen(req->r_oid);
+
+ return r;
}
/*
--- a/net/ceph/osdmap.c
+++ b/net/ceph/osdmap.c
@@ -984,7 +984,7 @@ bad:
* for now, we write only a single su, until we can
* pass a stride back to the caller.
*/
-void ceph_calc_file_object_mapping(struct ceph_file_layout *layout,
+int ceph_calc_file_object_mapping(struct ceph_file_layout *layout,
u64 off, u64 *plen,
u64 *ono,
u64 *oxoff, u64 *oxlen)
@@ -998,11 +998,17 @@ void ceph_calc_file_object_mapping(struc
dout("mapping %llu~%llu osize %u fl_su %u\n", off, *plen,
osize, su);
+ if (su == 0 || sc == 0)
+ goto invalid;
su_per_object = osize / su;
+ if (su_per_object == 0)
+ goto invalid;
dout("osize %u / su %u = su_per_object %u\n", osize, su,
su_per_object);
- BUG_ON((su & ~PAGE_MASK) != 0);
+ if ((su & ~PAGE_MASK) != 0)
+ goto invalid;
+
/* bl = *off / su; */
t = off;
do_div(t, su);
@@ -1030,6 +1036,14 @@ void ceph_calc_file_object_mapping(struc
*plen = *oxlen;
dout(" obj extent %llu~%llu\n", *oxoff, *oxlen);
+ return 0;
+
+invalid:
+ dout(" invalid layout\n");
+ *ono = 0;
+ *oxoff = 0;
+ *oxlen = 0;
+ return -EINVAL;
}
EXPORT_SYMBOL(ceph_calc_file_object_mapping);
next prev parent reply other threads:[~2012-11-02 17:07 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-02 17:06 [ 00/24] 3.6.6-stable review Greg Kroah-Hartman
2012-11-02 17:06 ` [ 01/24] ext4: fix unjournaled inode bitmap modification Greg Kroah-Hartman
2012-11-02 17:06 ` [ 02/24] blkcg: Fix use-after-free of q->root_blkg and q->root_rl.blkg Greg Kroah-Hartman
2012-11-02 17:06 ` [ 03/24] gpio-timberdale: fix a potential wrapping issue Greg Kroah-Hartman
2012-11-02 17:06 ` [ 04/24] gpiolib: Dont return -EPROBE_DEFER to sysfs, or for invalid gpios Greg Kroah-Hartman
2012-11-02 17:06 ` [ 05/24] md/raid1: Fix assembling of arrays containing Replacements Greg Kroah-Hartman
2012-11-02 17:06 ` [ 06/24] floppy: dont call alloc_ordered_workqueue inside the alloc_disk loop Greg Kroah-Hartman
2012-11-02 17:06 ` [ 07/24] floppy: do put_disk on current dr if blk_init_queue fails Greg Kroah-Hartman
2012-11-02 17:06 ` [ 08/24] floppy: properly handle failure on add_disk loop Greg Kroah-Hartman
2012-11-02 17:06 ` [ 09/24] rbd: reset BACKOFF if unable to re-queue Greg Kroah-Hartman
2012-11-02 17:06 ` [ 10/24] libceph: avoid NULL kref_put when osd reset races with alloc_msg Greg Kroah-Hartman
2012-11-02 17:06 ` [ 11/24] ceph: fix dentry reference leak in encode_fh() Greg Kroah-Hartman
2012-11-02 17:07 ` [ 12/24] ceph: Fix oops when handling mdsmap that decreases max_mds Greg Kroah-Hartman
2012-11-02 17:07 ` Greg Kroah-Hartman [this message]
2012-11-02 17:07 ` [ 14/24] ceph: avoid 32-bit page index overflow Greg Kroah-Hartman
2012-11-02 17:07 ` [ 15/24] USB: mos7840: fix port-data memory leak Greg Kroah-Hartman
2012-11-02 17:07 ` [ 16/24] USB: iuu_phoenix: fix backported patches Greg Kroah-Hartman
2012-11-02 17:07 ` [ 17/24] USB: io_edgeport: remove unused variable Greg Kroah-Hartman
2012-11-02 17:07 ` [ 18/24] qla2xxx: Update target lookup session tables when a target session changes Greg Kroah-Hartman
2012-11-02 17:07 ` [ 19/24] target: reintroduce some obsolete SCSI-2 commands Greg Kroah-Hartman
2012-11-02 17:07 ` [ 20/24] target: Fix double-free of se_cmd in target_complete_tmr_failure Greg Kroah-Hartman
2012-11-02 17:07 ` [ 21/24] HID: microsoft: fix invalid rdesc for 3k kbd Greg Kroah-Hartman
2012-11-02 17:07 ` [ 22/24] drm/nouveau: silence modesetting spam on pre-gf8 chipsets Greg Kroah-Hartman
2012-11-02 17:07 ` [ 23/24] drm/nouveau: fix suspend/resume when in headless mode Greg Kroah-Hartman
2012-11-02 17:07 ` [ 24/24] drm/nouveau: headless mode by default if pci class != vga display Greg Kroah-Hartman
2012-11-05 7:37 ` [ 00/24] 3.6.6-stable review Zhi Yong Wu
2012-11-05 7:41 ` Greg Kroah-Hartman
2012-11-05 7:46 ` Zhi Yong Wu
2012-11-05 8:19 ` Willy Tarreau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121102170248.373543982@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=elder@inktank.com \
--cc=linux-kernel@vger.kernel.org \
--cc=sage@inktank.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).