Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 30dc6381 authored by Sage Weil's avatar Sage Weil
Browse files

ceph: fix error paths for corrupt osdmap messages 



Both osdmap_decode() and osdmap_apply_incremental() should never return
NULL.

Signed-off-by: default avatarSage Weil <sage@newdream.net>
parent 5de7bf8a

fs/ceph/osd_client.c

+2 −0
Original line number Diff line number Diff line
@@ -910,6 +910,7 @@ void ceph_osdc_handle_map(struct ceph_osd_client *osdc, struct ceph_msg *msg) 
				err = PTR_ERR(newmap);

				goto bad;

			}

			BUG_ON(!newmap);

			if (newmap != osdc->osdmap) {

				ceph_osdmap_destroy(osdc->osdmap);

				osdc->osdmap = newmap;
@@ -946,6 +947,7 @@ void ceph_osdc_handle_map(struct ceph_osd_client *osdc, struct ceph_msg *msg) 
				err = PTR_ERR(newmap);

				goto bad;

			}

			BUG_ON(!newmap);

			oldmap = osdc->osdmap;

			osdc->osdmap = newmap;

			if (oldmap)

fs/ceph/osdmap.c

+6 −5
Original line number Diff line number Diff line
@@ -200,6 +200,7 @@ static struct crush_map *crush_decode(void *pbyval, void *end) 
			size = sizeof(struct crush_bucket_straw);

			break;

		default:

			err = -EINVAL;

			goto bad;

		}

		BUG_ON(size == 0);
@@ -278,6 +279,7 @@ static struct crush_map *crush_decode(void *pbyval, void *end) 
		/* len */

		ceph_decode_32_safe(p, end, yes, bad);

#if BITS_PER_LONG == 32

		err = -EINVAL;

		if (yes > ULONG_MAX / sizeof(struct crush_rule_step))

			goto bad;

#endif
@@ -489,11 +491,10 @@ struct ceph_osdmap *osdmap_decode(void **p, void *end) 
		ceph_decode_copy(p, &pgid, sizeof(pgid));

		n = ceph_decode_32(p);

		ceph_decode_need(p, end, n * sizeof(u32), bad);

		pg = kmalloc(sizeof(*pg) + n*sizeof(u32), GFP_NOFS);

		if (!pg) {

		err = -ENOMEM;

		pg = kmalloc(sizeof(*pg) + n*sizeof(u32), GFP_NOFS);

		if (!pg)

			goto bad;

		}

		pg->pgid = pgid;

		pg->len = n;

		for (j = 0; j < n; j++)
@@ -564,8 +565,7 @@ struct ceph_osdmap *osdmap_apply_incremental(void **p, void *end, 
	if (len > 0) {

		dout("apply_incremental full map len %d, %p to %p\n",

		     len, *p, end);

		newmap = osdmap_decode(p, min(*p+len, end));

		return newmap;  /* error or not */

		return osdmap_decode(p, min(*p+len, end));

	}



	/* new crush? */
@@ -809,6 +809,7 @@ int ceph_calc_object_layout(struct ceph_object_layout *ol, 
	struct ceph_pg_pool_info *pool;

	unsigned ps;



	BUG_ON(!osdmap);

	if (poolid >= osdmap->num_pools)

		return -EIO;