Message ID | 20180623125524.29233-1-cgxu519@gmx.com (mailing list archive) |
---|---|
State | New, archived |
On Sat, Jun 23, 2018 at 2:55 PM Chengguang Xu <cgxu519@gmx.com> wrote:

> > ceph_pagelist_encode_string() should only handle string which is not > longer than U32_MAX. However, the type size_t in 64bit environment > will be 64bit unsigned long. So add a BUG_ON check just for safety. > > Signed-off-by: Chengguang Xu <cgxu519@gmx.com> > --- > include/linux/ceph/pagelist.h | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/include/linux/ceph/pagelist.h b/include/linux/ceph/pagelist.h > index 7edcded07641..0120af5cd1d4 100644 > --- a/include/linux/ceph/pagelist.h > +++ b/include/linux/ceph/pagelist.h > @@ -70,7 +70,10 @@ static inline int ceph_pagelist_encode_8(struct ceph_pagelist *pl, u8 v) > static inline int ceph_pagelist_encode_string(struct ceph_pagelist *pl, > char *s, size_t len) > { > - int ret = ceph_pagelist_encode_32(pl, len); > + int ret; > + > + BUG_ON(len > U32_MAX); > + ret = ceph_pagelist_encode_32(pl, len); > if (ret) > return ret; > if (len)

Why crash the kernel when you can easily return an error from ceph_pagelist_encode_string()?

Thanks,

Ilya
diff --git a/include/linux/ceph/pagelist.h b/include/linux/ceph/pagelist.h index 7edcded07641..0120af5cd1d4 100644 --- a/include/linux/ceph/pagelist.h +++ b/include/linux/ceph/pagelist.h @@ -70,7 +70,10 @@ static inline int ceph_pagelist_encode_8(struct ceph_pagelist *pl, u8 v) static inline int ceph_pagelist_encode_string(struct ceph_pagelist *pl, char *s, size_t len) { - int ret = ceph_pagelist_encode_32(pl, len); + int ret; + + BUG_ON(len > U32_MAX); + ret = ceph_pagelist_encode_32(pl, len); if (ret) return ret; if (len)
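Review bot: the added `BUG_ON(len > U32_MAX);` in ceph_pagelist_encode_string() turns an oversized length into a kernel crash, although the function returns int and already propagates a failure through `if (ret) return ret;`. Prefer rejecting the input with an error return (for example -EINVAL) before calling ceph_pagelist_encode_32(), so that a caller-supplied length can fail the one operation instead of taking the machine down. The check itself is worth keeping in some form: `len` is a size_t handed to a 32-bit encoder, so without a bound the encoded length prefix can silently disagree with the `len` that the code after `if (len)` goes on to use. If callers can never pass such a length, say so in a comment next to the check.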
ceph_pagelist_encode_string() should only handle strings which are not longer than U32_MAX. However, the type size_t in a 64-bit environment will be a 64-bit unsigned long. So add a BUG_ON check just for safety.

Signed-off-by: Chengguang Xu <cgxu519@gmx.com>

---

include/linux/ceph/pagelist.h | 5 ++++-

1 file changed, 4 insertions(+), 1 deletion(-)