aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAl Viro <viro@zeniv.linux.org.uk>2008-01-25 23:22:26 -0500
committerDavid Teigland <teigland@redhat.com>2008-02-04 02:26:31 -0500
commitef58bccab7c7ef34451aa4ceea39545ef126b666 (patch)
tree56cdbdeba5db2cdca3e3f96a7124a4f83c56e791
parenta5dd06313dbcec3a2c8a5e4a6f3ddb2a8fc72ec9 (diff)
dlm: make find_rsb() fail gracefully when namelen is too large
We *can* get there from receive_request() and dlm_recover_master_copy() with namelen too large if incoming request is invalid; BUG() from DLM_ASSERT() in allocate_rsb() is a bit excessive reaction to that and in case of dlm_recover_master_copy() we would actually oops before that while calculating hash of up to 64Kb worth of data - with data actually being 64 _bytes_ in kmalloc()'ed struct. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David Teigland <teigland@redhat.com>
-rw-r--r--fs/dlm/lock.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/fs/dlm/lock.c b/fs/dlm/lock.c
index 0593dd81d46d..6d98cf9d043d 100644
--- a/fs/dlm/lock.c
+++ b/fs/dlm/lock.c
@@ -436,11 +436,15 @@ static int find_rsb(struct dlm_ls *ls, char *name, int namelen,
436{ 436{
437 struct dlm_rsb *r, *tmp; 437 struct dlm_rsb *r, *tmp;
438 uint32_t hash, bucket; 438 uint32_t hash, bucket;
439 int error = 0; 439 int error = -EINVAL;
440
441 if (namelen > DLM_RESNAME_MAXLEN)
442 goto out;
440 443
441 if (dlm_no_directory(ls)) 444 if (dlm_no_directory(ls))
442 flags |= R_CREATE; 445 flags |= R_CREATE;
443 446
447 error = 0;
444 hash = jhash(name, namelen, 0); 448 hash = jhash(name, namelen, 0);
445 bucket = hash & (ls->ls_rsbtbl_size - 1); 449 bucket = hash & (ls->ls_rsbtbl_size - 1);
446 450