diff options
author | Alex Elder <elder@inktank.com> | 2012-10-20 23:17:27 -0400 |
---|---|---|
committer | Alex Elder <elder@inktank.com> | 2012-10-26 18:18:08 -0400 |
commit | db2388b6ee40a949084e4cdddc3b0a4357068a62 (patch) | |
tree | d73ade991884c9d60a04cb3953e632964ac20fce /drivers/block | |
parent | 4634246db8cb2e5117ef7c682efcc383fa3354f8 (diff) |
rbd: verify rbd image order value
This adds a verification that an rbd image's object order is
within the upper and lower bounds supported by this implementation.
It must be at least 9 (SECTOR_SHIFT), because the Linux bio system
assumes that minimum granularity.
It also must be less than 32 (at the moment anyway) because there
exist spots in the code that store the size of a "segment" (object
backing an rbd image) in a signed int variable, which can be 32 bits
including the sign. We should be able to relax this limit once
we've verified the code uses 64-bit types where needed.
Note that the CLI tool already limits the order to the range 12-25.
Signed-off-by: Alex Elder <elder@inktank.com>
Reviewed-by: Josh Durgin <josh.durgin@inktank.com>
Diffstat (limited to 'drivers/block')
-rw-r--r-- | drivers/block/rbd.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c index d0328835bbd9..4734446c3b5b 100644 --- a/drivers/block/rbd.c +++ b/drivers/block/rbd.c | |||
@@ -533,6 +533,16 @@ static bool rbd_dev_ondisk_valid(struct rbd_image_header_ondisk *ondisk) | |||
533 | if (memcmp(&ondisk->text, RBD_HEADER_TEXT, sizeof (RBD_HEADER_TEXT))) | 533 | if (memcmp(&ondisk->text, RBD_HEADER_TEXT, sizeof (RBD_HEADER_TEXT))) |
534 | return false; | 534 | return false; |
535 | 535 | ||
536 | /* The bio layer requires at least sector-sized I/O */ | ||
537 | |||
538 | if (ondisk->options.order < SECTOR_SHIFT) | ||
539 | return false; | ||
540 | |||
541 | /* If we use u64 in a few spots we may be able to loosen this */ | ||
542 | |||
543 | if (ondisk->options.order > 8 * sizeof (int) - 1) | ||
544 | return false; | ||
545 | |||
536 | /* | 546 | /* |
537 | * The size of a snapshot header has to fit in a size_t, and | 547 | * The size of a snapshot header has to fit in a size_t, and |
538 | * that limits the number of snapshots. | 548 | * that limits the number of snapshots. |