diff options
| author | Jeff Layton <jlayton@kernel.org> | 2019-09-26 16:05:11 -0400 |
|---|---|---|
| committer | Ilya Dryomov <idryomov@gmail.com> | 2019-10-15 11:43:10 -0400 |
| commit | 1d3f87233e26362fc3d4e59f0f31a71b570f90b9 (patch) | |
| tree | 1a9f6944e50eac6d2675e78338a259780f95df4c /fs | |
| parent | 4f5cafb5cb8471e54afdc9054d973535614f7675 (diff) | |
ceph: just skip unrecognized info in ceph_reply_info_extra
In the future, we're going to want to extend the ceph_reply_info_extra
for create replies. Currently though, the kernel code doesn't accept an
extra blob that is larger than the expected data.
Change the code to skip over any unrecognized fields at the end of the
extra blob, rather than returning -EIO.
Cc: stable@vger.kernel.org
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/ceph/mds_client.c | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c index a8a8f84f3bbf..a5163296d9d9 100644 --- a/fs/ceph/mds_client.c +++ b/fs/ceph/mds_client.c | |||
| @@ -384,8 +384,8 @@ static int parse_reply_info_readdir(void **p, void *end, | |||
| 384 | } | 384 | } |
| 385 | 385 | ||
| 386 | done: | 386 | done: |
| 387 | if (*p != end) | 387 | /* Skip over any unrecognized fields */ |
| 388 | goto bad; | 388 | *p = end; |
| 389 | return 0; | 389 | return 0; |
| 390 | 390 | ||
| 391 | bad: | 391 | bad: |
| @@ -406,12 +406,10 @@ static int parse_reply_info_filelock(void **p, void *end, | |||
| 406 | goto bad; | 406 | goto bad; |
| 407 | 407 | ||
| 408 | info->filelock_reply = *p; | 408 | info->filelock_reply = *p; |
| 409 | *p += sizeof(*info->filelock_reply); | ||
| 410 | 409 | ||
| 411 | if (unlikely(*p != end)) | 410 | /* Skip over any unrecognized fields */ |
| 412 | goto bad; | 411 | *p = end; |
| 413 | return 0; | 412 | return 0; |
| 414 | |||
| 415 | bad: | 413 | bad: |
| 416 | return -EIO; | 414 | return -EIO; |
| 417 | } | 415 | } |
| @@ -425,18 +423,21 @@ static int parse_reply_info_create(void **p, void *end, | |||
| 425 | { | 423 | { |
| 426 | if (features == (u64)-1 || | 424 | if (features == (u64)-1 || |
| 427 | (features & CEPH_FEATURE_REPLY_CREATE_INODE)) { | 425 | (features & CEPH_FEATURE_REPLY_CREATE_INODE)) { |
| 426 | /* Malformed reply? */ | ||
| 428 | if (*p == end) { | 427 | if (*p == end) { |
| 429 | info->has_create_ino = false; | 428 | info->has_create_ino = false; |
| 430 | } else { | 429 | } else { |
| 431 | info->has_create_ino = true; | 430 | info->has_create_ino = true; |
| 432 | info->ino = ceph_decode_64(p); | 431 | ceph_decode_64_safe(p, end, info->ino, bad); |
| 433 | } | 432 | } |
| 433 | } else { | ||
| 434 | if (*p != end) | ||
| 435 | goto bad; | ||
| 434 | } | 436 | } |
| 435 | 437 | ||
| 436 | if (unlikely(*p != end)) | 438 | /* Skip over any unrecognized fields */ |
| 437 | goto bad; | 439 | *p = end; |
| 438 | return 0; | 440 | return 0; |
| 439 | |||
| 440 | bad: | 441 | bad: |
| 441 | return -EIO; | 442 | return -EIO; |
| 442 | } | 443 | } |