Commit a33c172c authored May 18, 2023 by Xiubo Li Committed by Greg Kroah-Hartman May 30, 2023

ceph: force updating the msg pointer in non-split case

commit 4cafd0400bcb6187c0d4ab4d4b0229a89ac4f8c2 upstream.

When the MClientSnap reqeust's op is not CEPH_SNAP_OP_SPLIT the
request may still contain a list of 'split_realms', and we need
to skip it anyway. Or it will be parsed as a corrupt snaptrace.

Cc: stable@vger.kernel.org
Link: https://tracker.ceph.com/issues/61200


Reported-by: Frank Schilder <frans@dtu.dk>
Signed-off-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 6eb9ed0a

fs/ceph/snap.c

+13 −0

Original line number	Diff line number	Diff line
		@@ -1005,6 +1005,19 @@ void ceph_handle_snap(struct ceph_mds_client *mdsc,
		continue;
		adjust_snap_realm_parent(mdsc, child, realm->ino);
		}
		} else {
		/*
		* In the non-split case both 'num_split_inos' and
		* 'num_split_realms' should be 0, making this a no-op.
		* However the MDS happens to populate 'split_realms' list
		* in one of the UPDATE op cases by mistake.
		*
		* Skip both lists just in case to ensure that 'p' is
		* positioned at the start of realm info, as expected by
		* ceph_update_snap_trace().
		*/
		p += sizeof(u64) * num_split_inos;
		p += sizeof(u64) * num_split_realms;
		}

		/*