ceph: fix error paths for corrupt osdmap messages
Both osdmap_decode() and osdmap_apply_incremental() should never return NULL. Signed-off-by: Sage Weil <sage@newdream.net>
This commit is contained in:
Sage Weil
parent
5de7bf8afa
commit
30dc6381bb
|
|
@ -910,6 +910,7 @@ void ceph_osdc_handle_map(struct ceph_osd_client *osdc, struct ceph_msg *msg)
|
||||||
err = PTR_ERR(newmap);
|
err = PTR_ERR(newmap);
|
||||||
goto bad;
|
goto bad;
|
||||||
}
|
}
|
||||||
|
BUG_ON(!newmap);
|
||||||
if (newmap != osdc->osdmap) {
|
if (newmap != osdc->osdmap) {
|
||||||
ceph_osdmap_destroy(osdc->osdmap);
|
ceph_osdmap_destroy(osdc->osdmap);
|
||||||
osdc->osdmap = newmap;
|
osdc->osdmap = newmap;
|
||||||
|
|
@ -946,6 +947,7 @@ void ceph_osdc_handle_map(struct ceph_osd_client *osdc, struct ceph_msg *msg)
|
||||||
err = PTR_ERR(newmap);
|
err = PTR_ERR(newmap);
|
||||||
goto bad;
|
goto bad;
|
||||||
}
|
}
|
||||||
|
BUG_ON(!newmap);
|
||||||
oldmap = osdc->osdmap;
|
oldmap = osdc->osdmap;
|
||||||
osdc->osdmap = newmap;
|
osdc->osdmap = newmap;
|
||||||
if (oldmap)
|
if (oldmap)
|
||||||
|
|
|
||||||
|
|
@ -200,6 +200,7 @@ static struct crush_map *crush_decode(void *pbyval, void *end)
|
||||||
size = sizeof(struct crush_bucket_straw);
|
size = sizeof(struct crush_bucket_straw);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
err = -EINVAL;
|
||||||
goto bad;
|
goto bad;
|
||||||
}
|
}
|
||||||
BUG_ON(size == 0);
|
BUG_ON(size == 0);
|
||||||
|
|
@ -278,6 +279,7 @@ static struct crush_map *crush_decode(void *pbyval, void *end)
|
||||||
/* len */
|
/* len */
|
||||||
ceph_decode_32_safe(p, end, yes, bad);
|
ceph_decode_32_safe(p, end, yes, bad);
|
||||||
#if BITS_PER_LONG == 32
|
#if BITS_PER_LONG == 32
|
||||||
|
err = -EINVAL;
|
||||||
if (yes > ULONG_MAX / sizeof(struct crush_rule_step))
|
if (yes > ULONG_MAX / sizeof(struct crush_rule_step))
|
||||||
goto bad;
|
goto bad;
|
||||||
#endif
|
#endif
|
||||||
|
|
@ -489,11 +491,10 @@ struct ceph_osdmap *osdmap_decode(void **p, void *end)
|
||||||
ceph_decode_copy(p, &pgid, sizeof(pgid));
|
ceph_decode_copy(p, &pgid, sizeof(pgid));
|
||||||
n = ceph_decode_32(p);
|
n = ceph_decode_32(p);
|
||||||
ceph_decode_need(p, end, n * sizeof(u32), bad);
|
ceph_decode_need(p, end, n * sizeof(u32), bad);
|
||||||
|
err = -ENOMEM;
|
||||||
pg = kmalloc(sizeof(*pg) + n*sizeof(u32), GFP_NOFS);
|
pg = kmalloc(sizeof(*pg) + n*sizeof(u32), GFP_NOFS);
|
||||||
if (!pg) {
|
if (!pg)
|
||||||
err = -ENOMEM;
|
|
||||||
goto bad;
|
goto bad;
|
||||||
}
|
|
||||||
pg->pgid = pgid;
|
pg->pgid = pgid;
|
||||||
pg->len = n;
|
pg->len = n;
|
||||||
for (j = 0; j < n; j++)
|
for (j = 0; j < n; j++)
|
||||||
|
|
@ -564,8 +565,7 @@ struct ceph_osdmap *osdmap_apply_incremental(void **p, void *end,
|
||||||
if (len > 0) {
|
if (len > 0) {
|
||||||
dout("apply_incremental full map len %d, %p to %p\n",
|
dout("apply_incremental full map len %d, %p to %p\n",
|
||||||
len, *p, end);
|
len, *p, end);
|
||||||
newmap = osdmap_decode(p, min(*p+len, end));
|
return osdmap_decode(p, min(*p+len, end));
|
||||||
return newmap; /* error or not */
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* new crush? */
|
/* new crush? */
|
||||||
|
|
@ -809,6 +809,7 @@ int ceph_calc_object_layout(struct ceph_object_layout *ol,
|
||||||
struct ceph_pg_pool_info *pool;
|
struct ceph_pg_pool_info *pool;
|
||||||
unsigned ps;
|
unsigned ps;
|
||||||
|
|
||||||
|
BUG_ON(!osdmap);
|
||||||
if (poolid >= osdmap->num_pools)
|
if (poolid >= osdmap->num_pools)
|
||||||
return -EIO;
|
return -EIO;
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue