mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-01 10:45:49 +00:00
libceph: fail sparse-read if the data length doesn't match
Once this happens that means there have bugs. Signed-off-by: Xiubo Li <xiubli@redhat.com> Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
This commit is contained in:
parent
54be6c6c5a
commit
cd7d469c25
@ -45,6 +45,7 @@ enum ceph_sparse_read_state {
|
||||
CEPH_SPARSE_READ_HDR = 0,
|
||||
CEPH_SPARSE_READ_EXTENTS,
|
||||
CEPH_SPARSE_READ_DATA_LEN,
|
||||
CEPH_SPARSE_READ_DATA_PRE,
|
||||
CEPH_SPARSE_READ_DATA,
|
||||
};
|
||||
|
||||
@ -64,7 +65,7 @@ struct ceph_sparse_read {
|
||||
u64 sr_req_len; /* orig request length */
|
||||
u64 sr_pos; /* current pos in buffer */
|
||||
int sr_index; /* current extent index */
|
||||
__le32 sr_datalen; /* length of actual data */
|
||||
u32 sr_datalen; /* length of actual data */
|
||||
u32 sr_count; /* extent count in reply */
|
||||
int sr_ext_len; /* length of extent array */
|
||||
struct ceph_sparse_extent *sr_extent; /* extent array */
|
||||
|
@ -5857,8 +5857,8 @@ static int osd_sparse_read(struct ceph_connection *con,
|
||||
struct ceph_osd *o = con->private;
|
||||
struct ceph_sparse_read *sr = &o->o_sparse_read;
|
||||
u32 count = sr->sr_count;
|
||||
u64 eoff, elen;
|
||||
int ret;
|
||||
u64 eoff, elen, len = 0;
|
||||
int i, ret;
|
||||
|
||||
switch (sr->sr_state) {
|
||||
case CEPH_SPARSE_READ_HDR:
|
||||
@ -5903,8 +5903,20 @@ static int osd_sparse_read(struct ceph_connection *con,
|
||||
convert_extent_map(sr);
|
||||
ret = sizeof(sr->sr_datalen);
|
||||
*pbuf = (char *)&sr->sr_datalen;
|
||||
sr->sr_state = CEPH_SPARSE_READ_DATA;
|
||||
sr->sr_state = CEPH_SPARSE_READ_DATA_PRE;
|
||||
break;
|
||||
case CEPH_SPARSE_READ_DATA_PRE:
|
||||
/* Convert sr_datalen to host-endian */
|
||||
sr->sr_datalen = le32_to_cpu((__force __le32)sr->sr_datalen);
|
||||
for (i = 0; i < count; i++)
|
||||
len += sr->sr_extent[i].len;
|
||||
if (sr->sr_datalen != len) {
|
||||
pr_warn_ratelimited("data len %u != extent len %llu\n",
|
||||
sr->sr_datalen, len);
|
||||
return -EREMOTEIO;
|
||||
}
|
||||
sr->sr_state = CEPH_SPARSE_READ_DATA;
|
||||
fallthrough;
|
||||
case CEPH_SPARSE_READ_DATA:
|
||||
if (sr->sr_index >= count) {
|
||||
sr->sr_state = CEPH_SPARSE_READ_HDR;
|
||||
|
Loading…
Reference in New Issue
Block a user