libceph: fail sparse-read if the data length doesn't match

author Xiubo Li <xiubli@redhat.com>

Fri, 13 Oct 2023 05:55:44 +0000 (13:55 +0800)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Fri, 1 Mar 2024 12:34:56 +0000 (13:34 +0100)
author Xiubo Li <xiubli@redhat.com>
Fri, 13 Oct 2023 05:55:44 +0000 (13:55 +0800)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 1 Mar 2024 12:34:56 +0000 (13:34 +0100)
diff --git a/include/linux/ceph/osd_client.h b/include/linux/ceph/osd_client.h

index bf9823956758c48cb23ce688bd2cfcb17e713bcb..f703fb8030de2632d3a53f8d9ed20807f8991b1b 100644 (file)
--- a/include/linux/ceph/osd_client.h
+++ b/include/linux/ceph/osd_client.h
@@ -45,6 +45,7 @@ enum ceph_sparse_read_state {
         CEPH_SPARSE_READ_HDR    = 0,
         CEPH_SPARSE_READ_EXTENTS,
         CEPH_SPARSE_READ_DATA_LEN,
+       CEPH_SPARSE_READ_DATA_PRE,
         CEPH_SPARSE_READ_DATA,
  };
  
@@ -64,7 +65,7 @@ struct ceph_sparse_read {
         u64                             sr_req_len;  /* orig request length */
         u64                             sr_pos;      /* current pos in buffer */
         int                             sr_index;    /* current extent index */
-       __le32                          sr_datalen;  /* length of actual data */
+       u32                             sr_datalen;  /* length of actual data */
         u32                             sr_count;    /* extent count in reply */
         int                             sr_ext_len;  /* length of extent array */
         struct ceph_sparse_extent       *sr_extent;  /* extent array */
diff --git a/net/ceph/osd_client.c b/net/ceph/osd_client.c

index 8d9760397b887b19dcb3df7daa0bd8c5bad470bb..3babcd5e65e16daeb1e9ae1df525a810fd529b03 100644 (file)
--- a/net/ceph/osd_client.c
+++ b/net/ceph/osd_client.c
@@ -5856,8 +5856,8 @@ static int osd_sparse_read(struct ceph_connection *con,
         struct ceph_osd *o = con->private;
         struct ceph_sparse_read *sr = &o->o_sparse_read;
         u32 count = sr->sr_count;
-       u64 eoff, elen;
-       int ret;
+       u64 eoff, elen, len = 0;
+       int i, ret;
  
         switch (sr->sr_state) {
         case CEPH_SPARSE_READ_HDR:
@@ -5909,8 +5909,20 @@ next_op:
                 convert_extent_map(sr);
                 ret = sizeof(sr->sr_datalen);
                 *pbuf = (char *)&sr->sr_datalen;
-               sr->sr_state = CEPH_SPARSE_READ_DATA;
+               sr->sr_state = CEPH_SPARSE_READ_DATA_PRE;
                 break;
+       case CEPH_SPARSE_READ_DATA_PRE:
+               /* Convert sr_datalen to host-endian */
+               sr->sr_datalen = le32_to_cpu((__force __le32)sr->sr_datalen);
+               for (i = 0; i < count; i++)
+                       len += sr->sr_extent[i].len;
+               if (sr->sr_datalen != len) {
+                       pr_warn_ratelimited("data len %u != extent len %llu\n",
+                                           sr->sr_datalen, len);
+                       return -EREMOTEIO;
+               }
+               sr->sr_state = CEPH_SPARSE_READ_DATA;
+               fallthrough;
         case CEPH_SPARSE_READ_DATA:
                 if (sr->sr_index >= count) {
                         sr->sr_state = CEPH_SPARSE_READ_HDR;
author	Xiubo Li <xiubli@redhat.com>
	Fri, 13 Oct 2023 05:55:44 +0000 (13:55 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 1 Mar 2024 12:34:56 +0000 (13:34 +0100)
include/linux/ceph/osd_client.h		patch \| blob \| blame \| history
net/ceph/osd_client.c		patch \| blob \| blame \| history