| Message ID | 5037ACC0.1000108@inktank.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Fri, Aug 24, 2012 at 9:33 AM, Alex Elder <elder@inktank.com> wrote: > The only thing the on-disk snap_names_len field is used for is to > size the buffer allocated to hold a copy of the snapshot names for > an rbd image. > > Don't bother saving it in the in-core rbd_image_header structure. > Just use a local variable to hold the required buffer size while > it's needed. > > Move the code that actually copies the snapshot names up closer > to where the required length is saved. > > Signed-off-by: Alex Elder <elder@inktank.com> > --- > drivers/block/rbd.c | 19 ++++++------------- > 1 file changed, 6 insertions(+), 13 deletions(-) > > diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c > index a8a4cba..7b3d861 100644 > --- a/drivers/block/rbd.c > +++ b/drivers/block/rbd.c > @@ -81,7 +81,6 @@ struct rbd_image_header { > __u8 crypt_type; > __u8 comp_type; > struct ceph_snap_context *snapc; > - u64 snap_names_len; > u32 total_snaps; > > char *snap_names; > @@ -534,12 +533,14 @@ static int rbd_header_from_disk(struct > rbd_image_header *header, > header->object_prefix[len] = '\0'; > > if (snap_count) { > - header->snap_names_len = le64_to_cpu(ondisk->snap_names_len); > - BUG_ON(header->snap_names_len > (u64) SIZE_MAX); > - header->snap_names = kmalloc(header->snap_names_len, > - GFP_KERNEL); > + u64 snap_names_len = le64_to_cpu(ondisk->snap_names_len); > + > + BUG_ON(snap_names_len > (u64) SIZE_MAX); Should we get rid of this BUG_ON and return -EIO instead? > + header->snap_names = kmalloc(snap_names_len, GFP_KERNEL); > if (!header->snap_names) > goto out_err; > + memcpy(header->snap_names, &ondisk->snaps[snap_count], > + snap_names_len); I think we're missing a check here to verify that we don't exceed the ondisk buffer > > size = snap_count * sizeof (*header->snap_sizes); > header->snap_sizes = kmalloc(size, GFP_KERNEL); > @@ -547,7 +548,6 @@ static int rbd_header_from_disk(struct > rbd_image_header *header, > goto out_err; > } else { > WARN_ON(ondisk->snap_names_len); > - header->snap_names_len = 0; > header->snap_names = NULL; > header->snap_sizes = NULL; > } > @@ -579,10 +579,6 @@ static int rbd_header_from_disk(struct > rbd_image_header *header, > header->snap_sizes[i] = > le64_to_cpu(ondisk->snaps[i].image_size); > } > - > - /* copy snapshot names */ > - memcpy(header->snap_names, &ondisk->snaps[snap_count], > - header->snap_names_len); > } > > return 0; > @@ -592,7 +588,6 @@ out_err: > header->snap_sizes = NULL; > kfree(header->snap_names); > header->snap_names = NULL; > - header->snap_names_len = 0; > kfree(header->object_prefix); > header->object_prefix = NULL; > > @@ -660,7 +655,6 @@ static void rbd_header_free(struct rbd_image_header > *header) > header->snap_sizes = NULL; > kfree(header->snap_names); > header->snap_names = NULL; > - header->snap_names_len = 0; > ceph_put_snap_context(header->snapc); > header->snapc = NULL; > } > @@ -1800,7 +1794,6 @@ static int __rbd_refresh_header(struct rbd_device > *rbd_dev, u64 *hver) > rbd_dev->header.total_snaps = h.total_snaps; > rbd_dev->header.snapc = h.snapc; > rbd_dev->header.snap_names = h.snap_names; > - rbd_dev->header.snap_names_len = h.snap_names_len; > rbd_dev->header.snap_sizes = h.snap_sizes; > /* Free the extra copy of the object prefix */ > WARN_ON(strcmp(rbd_dev->header.object_prefix, h.object_prefix)); > -- > 1.7.9.5 > > -- > To unsubscribe from this list: send the line "unsubscribe ceph-devel" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 08/30/2012 11:24 AM, Yehuda Sadeh wrote: > On Fri, Aug 24, 2012 at 9:33 AM, Alex Elder <elder@inktank.com> wrote: >> The only thing the on-disk snap_names_len field is used for is to >> size the buffer allocated to hold a copy of the snapshot names for >> an rbd image. >> >> Don't bother saving it in the in-core rbd_image_header structure. >> Just use a local variable to hold the required buffer size while >> it's needed. >> >> Move the code that actually copies the snapshot names up closer >> to where the required length is saved. >> >> Signed-off-by: Alex Elder <elder@inktank.com> >> --- >> drivers/block/rbd.c | 19 ++++++------------- >> 1 file changed, 6 insertions(+), 13 deletions(-) >> >> diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c >> index a8a4cba..7b3d861 100644 >> --- a/drivers/block/rbd.c >> +++ b/drivers/block/rbd.c >> @@ -81,7 +81,6 @@ struct rbd_image_header { >> __u8 crypt_type; >> __u8 comp_type; >> struct ceph_snap_context *snapc; >> - u64 snap_names_len; >> u32 total_snaps; >> >> char *snap_names; >> @@ -534,12 +533,14 @@ static int rbd_header_from_disk(struct >> rbd_image_header *header, >> header->object_prefix[len] = '\0'; >> >> if (snap_count) { >> - header->snap_names_len = le64_to_cpu(ondisk->snap_names_len); >> - BUG_ON(header->snap_names_len > (u64) SIZE_MAX); >> - header->snap_names = kmalloc(header->snap_names_len, >> - GFP_KERNEL); >> + u64 snap_names_len = le64_to_cpu(ondisk->snap_names_len); >> + >> + BUG_ON(snap_names_len > (u64) SIZE_MAX); > > Should we get rid of this BUG_ON and return -EIO instead? Yes. I've been using BUG_ON() a bit freely and I'd really like to define a CEPH_ASSERT() or something instead. In this case I can return an error value so I will. I'll define CEPH_ASSERT() at some point, separately so I can state assumptions without potentially killing the kernel. >> + header->snap_names = kmalloc(snap_names_len, GFP_KERNEL); >> if (!header->snap_names) >> goto out_err; >> + memcpy(header->snap_names, &ondisk->snaps[snap_count], >> + snap_names_len); > > I think we're missing a check here to verify that we don't exceed the > ondisk buffer I believe in this case we're OK, though it's not obvious looking only at this code. (I'm looking at code with all these patches applied at the moment, so I may need to reorder the patches for the following explanation to be valid.) The ondisk buffer passed in here came from a successful call to what's now called rbd_dev_v1_header_read(), which reads the header in *only*, and only succeeds if it got everything it was looking for--namely the snapshot context, plus the size of the set of names that the context says will follow. It will furthermore re-read the header if the count of snapshots found in what got read differed from what we wanted it to be. Therefore the ondisk header+names buffer here will always be self-consistent--there will be room in the buffer for exactly the number of bytes to hold the set of NUL-terminated snapshot names. If I could find an easy way to verify this here I would, but right now the size of the ondisk buffer passed in is not available. If you think it's important I can make changes so it is though. And in any case, before I commit anything I'll take another look at this patch and maybe reorder things so the above argument holds water. -Alex >> >> size = snap_count * sizeof (*header->snap_sizes); >> header->snap_sizes = kmalloc(size, GFP_KERNEL); >> @@ -547,7 +548,6 @@ static int rbd_header_from_disk(struct >> rbd_image_header *header, >> goto out_err; >> } else { >> WARN_ON(ondisk->snap_names_len); >> - header->snap_names_len = 0; >> header->snap_names = NULL; >> header->snap_sizes = NULL; >> } >> @@ -579,10 +579,6 @@ static int rbd_header_from_disk(struct >> rbd_image_header *header, >> header->snap_sizes[i] = >> le64_to_cpu(ondisk->snaps[i].image_size); >> } >> - >> - /* copy snapshot names */ >> - memcpy(header->snap_names, &ondisk->snaps[snap_count], >> - header->snap_names_len); >> } >> >> return 0; >> @@ -592,7 +588,6 @@ out_err: >> header->snap_sizes = NULL; >> kfree(header->snap_names); >> header->snap_names = NULL; >> - header->snap_names_len = 0; >> kfree(header->object_prefix); >> header->object_prefix = NULL; >> >> @@ -660,7 +655,6 @@ static void rbd_header_free(struct rbd_image_header >> *header) >> header->snap_sizes = NULL; >> kfree(header->snap_names); >> header->snap_names = NULL; >> - header->snap_names_len = 0; >> ceph_put_snap_context(header->snapc); >> header->snapc = NULL; >> } >> @@ -1800,7 +1794,6 @@ static int __rbd_refresh_header(struct rbd_device >> *rbd_dev, u64 *hver) >> rbd_dev->header.total_snaps = h.total_snaps; >> rbd_dev->header.snapc = h.snapc; >> rbd_dev->header.snap_names = h.snap_names; >> - rbd_dev->header.snap_names_len = h.snap_names_len; >> rbd_dev->header.snap_sizes = h.snap_sizes; >> /* Free the extra copy of the object prefix */ >> WARN_ON(strcmp(rbd_dev->header.object_prefix, h.object_prefix)); >> -- >> 1.7.9.5 >> >> -- >> To unsubscribe from this list: send the line "unsubscribe ceph-devel" in >> the body of a message to majordomo@vger.kernel.org >> More majordomo info at http://vger.kernel.org/majordomo-info.html > > -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c index a8a4cba..7b3d861 100644 --- a/drivers/block/rbd.c +++ b/drivers/block/rbd.c @@ -81,7 +81,6 @@ struct rbd_image_header { __u8 crypt_type; __u8 comp_type; struct ceph_snap_context *snapc; - u64 snap_names_len; u32 total_snaps; char *snap_names; @@ -534,12 +533,14 @@ static int rbd_header_from_disk(struct rbd_image_header *header, header->object_prefix[len] = '\0'; if (snap_count) { - header->snap_names_len = le64_to_cpu(ondisk->snap_names_len); - BUG_ON(header->snap_names_len > (u64) SIZE_MAX); - header->snap_names = kmalloc(header->snap_names_len, - GFP_KERNEL); + u64 snap_names_len = le64_to_cpu(ondisk->snap_names_len); + + BUG_ON(snap_names_len > (u64) SIZE_MAX); + header->snap_names = kmalloc(snap_names_len, GFP_KERNEL); if (!header->snap_names) goto out_err; + memcpy(header->snap_names, &ondisk->snaps[snap_count], + snap_names_len); size = snap_count * sizeof (*header->snap_sizes);
The only thing the on-disk snap_names_len field is used for is to size the buffer allocated to hold a copy of the snapshot names for an rbd image. Don't bother saving it in the in-core rbd_image_header structure. Just use a local variable to hold the required buffer size while it's needed. Move the code that actually copies the snapshot names up closer to where the required length is saved. Signed-off-by: Alex Elder <elder@inktank.com> --- drivers/block/rbd.c | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) header->snap_sizes = kmalloc(size, GFP_KERNEL); @@ -547,7 +548,6 @@ static int rbd_header_from_disk(struct rbd_image_header *header, goto out_err; } else { WARN_ON(ondisk->snap_names_len); - header->snap_names_len = 0; header->snap_names = NULL; header->snap_sizes = NULL; } @@ -579,10 +579,6 @@ static int rbd_header_from_disk(struct rbd_image_header *header, header->snap_sizes[i] = le64_to_cpu(ondisk->snaps[i].image_size); } - - /* copy snapshot names */ - memcpy(header->snap_names, &ondisk->snaps[snap_count], - header->snap_names_len); } return 0; @@ -592,7 +588,6 @@ out_err: header->snap_sizes = NULL; kfree(header->snap_names); header->snap_names = NULL; - header->snap_names_len = 0; kfree(header->object_prefix); header->object_prefix = NULL; @@ -660,7 +655,6 @@ static void rbd_header_free(struct rbd_image_header *header) header->snap_sizes = NULL; kfree(header->snap_names); header->snap_names = NULL; - header->snap_names_len = 0; ceph_put_snap_context(header->snapc); header->snapc = NULL; } @@ -1800,7 +1794,6 @@ static int __rbd_refresh_header(struct rbd_device *rbd_dev, u64 *hver) rbd_dev->header.total_snaps = h.total_snaps; rbd_dev->header.snapc = h.snapc; rbd_dev->header.snap_names = h.snap_names; - rbd_dev->header.snap_names_len = h.snap_names_len; rbd_dev->header.snap_sizes = h.snap_sizes; /* Free the extra copy of the object prefix */ WARN_ON(strcmp(rbd_dev->header.object_prefix, h.object_prefix));