ceph: don't drop message if it contains more data than expected

Later version mds may encode more data into messages.

Signed-off-by: "Yan, Zheng" <zyan@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>

2 files changed, 4 insertions, 4 deletions

diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c
index 5b767cf1f780..bc43c822426a 100644
--- a/fs/ceph/mds_client.c
+++ b/fs/ceph/mds_client.c
@@ -3406,10 +3406,10 @@ static void handle_lease(struct ceph_mds_client *mdsc,
         vino.ino = le64_to_cpu(h->ino);
         vino.snap = CEPH_NOSNAP;
         seq = le32_to_cpu(h->seq);
-        dname.name = (void *)h + sizeof(*h) + sizeof(u32);
-        dname.len = msg->front.iov_len - sizeof(*h) - sizeof(u32);
-        if (dname.len != get_unaligned_le32(h+1))
+        dname.len = get_unaligned_le32(h + 1);
+        if (msg->front.iov_len < sizeof(*h) + sizeof(u32) + dname.len)
                 goto bad;
+        dname.name = (void *)(h + 1) + sizeof(u32);
 
         /* lookup inode */
         inode = ceph_find_inode(sb, vino);
diff --git a/fs/ceph/quota.c b/fs/ceph/quota.c
index 242bfa5c0539..32d4f13784ba 100644
--- a/fs/ceph/quota.c
+++ b/fs/ceph/quota.c
@@ -48,7 +48,7 @@ void ceph_handle_quota(struct ceph_mds_client *mdsc,
         struct inode *inode;
         struct ceph_inode_info *ci;
 
-        if (msg->front.iov_len != sizeof(*h)) {
+        if (msg->front.iov_len < sizeof(*h)) {
                 pr_err("%s corrupt message mds%d len %d\n", __func__,
                        session->s_mds, (int)msg->front.iov_len);
                 ceph_msg_dump(msg);