Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ae773d0b authored by Al Viro's avatar Al Viro Committed by David Teigland
Browse files

dlm: verify that places expecting rcom_lock have packet long enough 



Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
Signed-off-by: default avatarDavid Teigland <teigland@redhat.com>
parent cd9df1aa

fs/dlm/lock.c

+3 −0
Original line number Original line Diff line number Diff line
@@ -4266,6 +4266,7 @@ static struct dlm_lkb *search_remid(struct dlm_rsb *r, int nodeid, 
	return NULL;

	return NULL;

}

}





/* needs at least dlm_rcom + rcom_lock */

static int receive_rcom_lock_args(struct dlm_ls *ls, struct dlm_lkb *lkb,

static int receive_rcom_lock_args(struct dlm_ls *ls, struct dlm_lkb *lkb,

				  struct dlm_rsb *r, struct dlm_rcom *rc)

				  struct dlm_rsb *r, struct dlm_rcom *rc)

{

{
@@ -4315,6 +4316,7 @@ static int receive_rcom_lock_args(struct dlm_ls *ls, struct dlm_lkb *lkb, 
   the given values and send back our lkid.  We send back our lkid by sending

   the given values and send back our lkid.  We send back our lkid by sending

   back the rcom_lock struct we got but with the remid field filled in. */

   back the rcom_lock struct we got but with the remid field filled in. */





/* needs at least dlm_rcom + rcom_lock */

int dlm_recover_master_copy(struct dlm_ls *ls, struct dlm_rcom *rc)

int dlm_recover_master_copy(struct dlm_ls *ls, struct dlm_rcom *rc)

{

{

	struct rcom_lock *rl = (struct rcom_lock *) rc->rc_buf;

	struct rcom_lock *rl = (struct rcom_lock *) rc->rc_buf;
@@ -4370,6 +4372,7 @@ int dlm_recover_master_copy(struct dlm_ls *ls, struct dlm_rcom *rc) 
	return error;

	return error;

}

}





/* needs at least dlm_rcom + rcom_lock */

int dlm_recover_process_copy(struct dlm_ls *ls, struct dlm_rcom *rc)

int dlm_recover_process_copy(struct dlm_ls *ls, struct dlm_rcom *rc)

{

{

	struct rcom_lock *rl = (struct rcom_lock *) rc->rc_buf;

	struct rcom_lock *rl = (struct rcom_lock *) rc->rc_buf;

fs/dlm/rcom.c

+11 −1
Original line number Original line Diff line number Diff line
@@ -357,6 +357,7 @@ int dlm_send_rcom_lock(struct dlm_rsb *r, struct dlm_lkb *lkb) 
	return error;

	return error;

}

}





/* needs at least dlm_rcom + rcom_lock */

static void receive_rcom_lock(struct dlm_ls *ls, struct dlm_rcom *rc_in)

static void receive_rcom_lock(struct dlm_ls *ls, struct dlm_rcom *rc_in)

{

{

	struct dlm_rcom *rc;

	struct dlm_rcom *rc;
@@ -448,6 +449,8 @@ static int is_old_reply(struct dlm_ls *ls, struct dlm_rcom *rc) 




void dlm_receive_rcom(struct dlm_ls *ls, struct dlm_rcom *rc, int nodeid)

void dlm_receive_rcom(struct dlm_ls *ls, struct dlm_rcom *rc, int nodeid)

{

{

	int lock_size = sizeof(struct dlm_rcom) + sizeof(struct rcom_lock);



	if (dlm_recovery_stopped(ls) && (rc->rc_type != DLM_RCOM_STATUS)) {

	if (dlm_recovery_stopped(ls) && (rc->rc_type != DLM_RCOM_STATUS)) {

		log_debug(ls, "ignoring recovery message %x from %d",

		log_debug(ls, "ignoring recovery message %x from %d",

			  rc->rc_type, nodeid);

			  rc->rc_type, nodeid);
@@ -471,6 +474,8 @@ void dlm_receive_rcom(struct dlm_ls *ls, struct dlm_rcom *rc, int nodeid) 
		break;

		break;





	case DLM_RCOM_LOCK:

	case DLM_RCOM_LOCK:

		if (rc->rc_header.h_length < lock_size)

			goto Eshort;

		receive_rcom_lock(ls, rc);

		receive_rcom_lock(ls, rc);

		break;

		break;
@@ -487,6 +492,8 @@ void dlm_receive_rcom(struct dlm_ls *ls, struct dlm_rcom *rc, int nodeid) 
		break;

		break;





	case DLM_RCOM_LOCK_REPLY:

	case DLM_RCOM_LOCK_REPLY:

		if (rc->rc_header.h_length < lock_size)

			goto Eshort;

		dlm_recover_process_copy(ls, rc);

		dlm_recover_process_copy(ls, rc);

		break;

		break;
@@ -495,5 +502,8 @@ void dlm_receive_rcom(struct dlm_ls *ls, struct dlm_rcom *rc, int nodeid) 
	}

	}

out:

out:

	return;

	return;

Eshort:

	log_error(ls, "recovery message %x from %d is too short",

			  rc->rc_type, nodeid);

}

}