From patchwork Thu Jul 13 16:08:02 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ilya Dryomov <idryomov@gmail.com>
X-Patchwork-Id: 9839241
Return-Path: <ceph-devel-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	80170602A0 for <patchwork-ceph-devel@patchwork.kernel.org>;
	Thu, 13 Jul 2017 16:08:41 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6EE2028704
	for <patchwork-ceph-devel@patchwork.kernel.org>;
	Thu, 13 Jul 2017 16:08:41 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 6226828715; Thu, 13 Jul 2017 16:08:41 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.3 required=2.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RCVD_IN_SORBS_SPAM,
	T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CD70D28704
	for <patchwork-ceph-devel@patchwork.kernel.org>;
	Thu, 13 Jul 2017 16:08:40 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752129AbdGMQIh (ORCPT
	<rfc822;patchwork-ceph-devel@patchwork.kernel.org>);
	Thu, 13 Jul 2017 12:08:37 -0400
Received: from mail-wm0-f65.google.com ([74.125.82.65]:34799 "EHLO
	mail-wm0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751267AbdGMQIg (ORCPT
	<rfc822; ceph-devel@vger.kernel.org>); Thu, 13 Jul 2017 12:08:36 -0400
Received: by mail-wm0-f65.google.com with SMTP id p204so6032139wmg.1
	for <ceph-devel@vger.kernel.org>;
	Thu, 13 Jul 2017 09:08:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id;
	bh=bpMMFXamGWr2nJlvaSnT/LQouDAqS4k79nrSF1CxSgQ=;
	b=dybIsU6fvLZfJju9WE0JENiW8CERQa4ALem+FaGomzDoFZ735dWhVZ3dSHLp7iwVup
	mvldJfo0XqXnavqGno1QlVJVV5MA6OE4c1yp7dGN3m12WBVVO/gsyc58RR+0IdWBGkoh
	zIwmFy10X3qtEfZTLg1sMnfqKmyK9hqy+Q/4q5Ef+5SlSGOJnXZabzLVySDz5xmanNN4
	OaKuXdLp2Mntf8uer1sesQ/muTmZXylj5XDssSkqMg6InTtr5t9cs834S8Qjx6DRHmU1
	MfZjRsXY85VtY7KLfPddIuuP9i+S+EgFyy9XgV/nlCeKR415IuaQYwdTkmEtzK9l+f+1
	2ucQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=bpMMFXamGWr2nJlvaSnT/LQouDAqS4k79nrSF1CxSgQ=;
	b=bcOI29mfpMQwIhjW6d9icZjBc+/+lOCmdCexB2w/bSS6AGyT+O5QQRjPHSZ2SERkBN
	CQOc/8O0M+S+NZqxToLE1VDC+uzOeDpqWwQr6S2NCkquPThWXQ6kPMY7axs8I2MW76Rn
	byES5ssmo5pwZoOyPU3u0vZhUMJsU9Dw9tN7tbsp7PfuuMT2FliHw0RiTZ7ngOqxF/Et
	TpeJ2U0FK+N4xe76t2t6zmhEFiH3QJJque7Be0Li32MiLgtZeKRzMOs7YUdRPZZAz6s0
	kOFRHnSbXTVROtjG+S2Qs7dwCoDP33xQZ4GiXWMYruxP1vHUqfMiQjDMA5y2tycD+AYq
	+qeQ==
X-Gm-Message-State: AIVw110zxV5d/zdxD1iutPFZTAd3l9qAVjBjpO92yvQ931PpLEf4DVXK
	GRk5I4eOy/KJwaiaDaw=
X-Received: by 10.28.127.21 with SMTP id a21mr2832468wmd.18.1499962115238;
	Thu, 13 Jul 2017 09:08:35 -0700 (PDT)
Received: from orange.brq.redhat.com. (nat-pool-brq-t.redhat.com.
	[213.175.37.10]) by smtp.gmail.com with ESMTPSA id
	u80sm5958330wrb.1.2017.07.13.09.08.34
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Thu, 13 Jul 2017 09:08:34 -0700 (PDT)
From: Ilya Dryomov <idryomov@gmail.com>
To: ceph-devel@vger.kernel.org
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Subject: [PATCH] libceph: set -EINVAL in one place in crush_decode()
Date: Thu, 13 Jul 2017 18:08:02 +0200
Message-Id: <1499962082-31986-1-git-send-email-idryomov@gmail.com>
X-Mailer: git-send-email 2.4.3
Sender: ceph-devel-owner@vger.kernel.org
Precedence: bulk
List-ID: <ceph-devel.vger.kernel.org>
X-Mailing-List: ceph-devel@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

No sooner than Dan had fixed this issue in commit 293dffaad8d5
("libceph: NULL deref on crush_decode() error path"), I brought it
back.  Add a new label and set -EINVAL once, right before failing.

Fixes: 278b1d709c6a ("libceph: ceph_decode_skip_* helpers")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
---
 net/ceph/osdmap.c | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/net/ceph/osdmap.c b/net/ceph/osdmap.c
index 7e01099e0a83..64ae9f89773a 100644
--- a/net/ceph/osdmap.c
+++ b/net/ceph/osdmap.c
@@ -338,7 +338,7 @@ static void crush_finalize(struct crush_map *c)
 static struct crush_map *crush_decode(void *pbyval, void *end)
 {
 	struct crush_map *c;
-	int err = -EINVAL;
+	int err;
 	int i, j;
 	void **p = &pbyval;
 	void *start = pbyval;
@@ -407,7 +407,6 @@ static struct crush_map *crush_decode(void *pbyval, void *end)
 			size = sizeof(struct crush_bucket_straw2);
 			break;
 		default:
-			err = -EINVAL;
 			goto bad;
 		}
 		BUG_ON(size == 0);
@@ -439,31 +438,31 @@ static struct crush_map *crush_decode(void *pbyval, void *end)
 			err = crush_decode_uniform_bucket(p, end,
 				  (struct crush_bucket_uniform *)b);
 			if (err < 0)
-				goto bad;
+				goto fail;
 			break;
 		case CRUSH_BUCKET_LIST:
 			err = crush_decode_list_bucket(p, end,
 			       (struct crush_bucket_list *)b);
 			if (err < 0)
-				goto bad;
+				goto fail;
 			break;
 		case CRUSH_BUCKET_TREE:
 			err = crush_decode_tree_bucket(p, end,
 				(struct crush_bucket_tree *)b);
 			if (err < 0)
-				goto bad;
+				goto fail;
 			break;
 		case CRUSH_BUCKET_STRAW:
 			err = crush_decode_straw_bucket(p, end,
 				(struct crush_bucket_straw *)b);
 			if (err < 0)
-				goto bad;
+				goto fail;
 			break;
 		case CRUSH_BUCKET_STRAW2:
 			err = crush_decode_straw2_bucket(p, end,
 				(struct crush_bucket_straw2 *)b);
 			if (err < 0)
-				goto bad;
+				goto fail;
 			break;
 		}
 	}
@@ -474,7 +473,6 @@ static struct crush_map *crush_decode(void *pbyval, void *end)
 		u32 yes;
 		struct crush_rule *r;
 
-		err = -EINVAL;
 		ceph_decode_32_safe(p, end, yes, bad);
 		if (!yes) {
 			dout("crush_decode NO rule %d off %x %p to %p\n",
@@ -489,7 +487,6 @@ static struct crush_map *crush_decode(void *pbyval, void *end)
 		/* len */
 		ceph_decode_32_safe(p, end, yes, bad);
 #if BITS_PER_LONG == 32
-		err = -EINVAL;
 		if (yes > (ULONG_MAX - sizeof(*r))
 			  / sizeof(struct crush_rule_step))
 			goto bad;
@@ -557,7 +554,7 @@ static struct crush_map *crush_decode(void *pbyval, void *end)
 	if (*p != end) {
 		err = decode_choose_args(p, end, c);
 		if (err)
-			goto bad;
+			goto fail;
 	}
 
 done:
@@ -567,10 +564,14 @@ static struct crush_map *crush_decode(void *pbyval, void *end)
 
 badmem:
 	err = -ENOMEM;
-bad:
+fail:
 	dout("crush_decode fail %d\n", err);
 	crush_destroy(c);
 	return ERR_PTR(err);
+
+bad:
+	err = -EINVAL;
+	goto fail;
 }
 
 int ceph_pg_compare(const struct ceph_pg *lhs, const struct ceph_pg *rhs)