| Message ID | 20210830121045.13994-1-jlayton@kernel.org |
|---|---|
| State | New |
| Headers | show |
| Series | ceph: ensure we return an error when parsing corrupt mdsmap | expand |
On 8/30/21 8:10 PM, Jeff Layton wrote: > Commit ba5e57de7b20 (ceph: reconnect to the export targets on new > mdsmaps) changed ceph_mdsmap_decode to "goto corrupt" when given a > bogus mds rank in the export targets. It did not set the err variable > however, which caused that function to return a NULL pointer instead of > a proper ERR_PTR value for the error. > > Fix this by setting err before doing the "goto corrupt". > > URL: https://tracker.ceph.com/issues/52436 > Fixes: ba5e57de7b20 ("ceph: reconnect to the export targets on new mdsmaps") > Signed-off-by: Jeff Layton <jlayton@kernel.org> > --- > fs/ceph/mdsmap.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > I'll plan to fold this change into the original patch since it hasn't > been merged yet. Let me know if you have objections. > > diff --git a/fs/ceph/mdsmap.c b/fs/ceph/mdsmap.c > index d995cb02d30c..61d67cbcb367 100644 > --- a/fs/ceph/mdsmap.c > +++ b/fs/ceph/mdsmap.c > @@ -263,8 +263,10 @@ struct ceph_mdsmap *ceph_mdsmap_decode(void **p, void *end, bool msgr2) > goto nomem; > for (j = 0; j < num_export_targets; j++) { > target = ceph_decode_32(&pexport_targets); > - if (target >= m->possible_max_rank) > + if (target >= m->possible_max_rank) { > + err = -EIO; > goto corrupt; > + } > info->export_targets[j] = target; > } > } else { Make sense and LGTM.
diff --git a/fs/ceph/mdsmap.c b/fs/ceph/mdsmap.c index d995cb02d30c..61d67cbcb367 100644 --- a/fs/ceph/mdsmap.c +++ b/fs/ceph/mdsmap.c @@ -263,8 +263,10 @@ struct ceph_mdsmap *ceph_mdsmap_decode(void **p, void *end, bool msgr2) goto nomem; for (j = 0; j < num_export_targets; j++) { target = ceph_decode_32(&pexport_targets); - if (target >= m->possible_max_rank) + if (target >= m->possible_max_rank) { + err = -EIO; goto corrupt; + } info->export_targets[j] = target; } } else {
Commit ba5e57de7b20 (ceph: reconnect to the export targets on new mdsmaps) changed ceph_mdsmap_decode to "goto corrupt" when given a bogus mds rank in the export targets. It did not set the err variable however, which caused that function to return a NULL pointer instead of a proper ERR_PTR value for the error. Fix this by setting err before doing the "goto corrupt". URL: https://tracker.ceph.com/issues/52436 Fixes: ba5e57de7b20 ("ceph: reconnect to the export targets on new mdsmaps") Signed-off-by: Jeff Layton <jlayton@kernel.org> --- fs/ceph/mdsmap.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) I'll plan to fold this change into the original patch since it hasn't been merged yet. Let me know if you have objections.