From patchwork Thu Sep 6 15:36:22 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alex Elder X-Patchwork-Id: 1416181 Return-Path: X-Original-To: patchwork-ceph-devel@patchwork.kernel.org Delivered-To: patchwork-process-083081@patchwork2.kernel.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by patchwork2.kernel.org (Postfix) with ESMTP id 46DCCDFFCF for ; Thu, 6 Sep 2012 15:36:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1758149Ab2IFPg3 (ORCPT ); Thu, 6 Sep 2012 11:36:29 -0400 Received: from mail-iy0-f174.google.com ([209.85.210.174]:63065 "EHLO mail-iy0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1758152Ab2IFPg2 (ORCPT ); Thu, 6 Sep 2012 11:36:28 -0400 Received: by iahk25 with SMTP id k25so2179097iah.19 for ; Thu, 06 Sep 2012 08:36:27 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding :x-gm-message-state; bh=f4my5oxLV0NukhGhpHxWSnwIjKwrFiENl+c/S+hs4uw=; b=AWjf6hLY7fV584VLLWEvTEdIbNmZr6IUIDrUuqSQnYi6nBOWB6GqXAlhOUzTZpFJW5 r9+cZhr5VjvW26yNxmawkTvJQPE0diSUoiE21++mLHJTo4Kg0L8z4btBwNF2wBpaToOb uBGn4z7aGm/KqJ+6Y0YjCyLAExI8J27tu6loyrJ8nt36gEqkGrziJc2SCzfD/jQYqTj8 Ba8PNO6sLGYLsOoLeQ947XJAf4STifQrBWQWhZdfVqHIKZovE4kCI0Ct1hhZdsXgEPMw Arwivn0M/XpXy19sCVuHILexCJONBOzf3HeBZkr4fIRxxUY84hB5fLamQNnqfkkq3q7Q ZrVg== Received: by 10.43.92.135 with SMTP id bq7mr2924633icc.33.1346945787792; Thu, 06 Sep 2012 08:36:27 -0700 (PDT) Received: from [172.22.22.4] (c-71-195-31-37.hsd1.mn.comcast.net. [71.195.31.37]) by mx.google.com with ESMTPS id ho1sm3956872igc.3.2012.09.06.08.36.23 (version=SSLv3 cipher=OTHER); Thu, 06 Sep 2012 08:36:23 -0700 (PDT) Message-ID: <5048C2F6.8090102@inktank.com> Date: Thu, 06 Sep 2012 10:36:22 -0500 From: Alex Elder User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:15.0) Gecko/20120827 Thunderbird/15.0 MIME-Version: 1.0 To: ceph-devel@vger.kernel.org Subject: [PATCH, v2 03/11] rbd: kill incore snap_names_len References: <5037AB20.4000103@inktank.com> <5037ACC0.1000108@inktank.com> In-Reply-To: <5037ACC0.1000108@inktank.com> X-Gm-Message-State: ALoCoQlkTa0EJA7JOVxZoZe4/8Tv8go6a92Qwili6FFiyDGKt8hCVZDpW6n9/zKJ3wL4TeYAYhB4 Sender: ceph-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: ceph-devel@vger.kernel.org The only thing the on-disk snap_names_len field is needed is to size the buffer allocated to hold a copy of the snapshot names for an rbd image. So don't bother saving it in the in-core rbd_image_header structure. Just use a local variable to hold the required buffer size while it's needed. Move the code that actually copies the snapshot names up closer to where the required length is saved. Signed-off-by: Alex Elder Reviewed-by: Yehuda Sadeh --- v2: - Return -EIO rather than BUG_ON() as suggested by Yehuda. - Added a comment explaining why a memcpy() will not exceed the length of the on-disk buffer, in response to Yehuda's concern. drivers/block/rbd.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Index: b/drivers/block/rbd.c =================================================================== --- a/drivers/block/rbd.c +++ b/drivers/block/rbd.c @@ -81,7 +81,6 @@ struct rbd_image_header { __u8 crypt_type; __u8 comp_type; struct ceph_snap_context *snapc; - u64 snap_names_len; u32 total_snaps; char *snap_names; @@ -534,12 +533,21 @@ static int rbd_header_from_disk(struct r header->object_prefix[len] = '\0'; if (snap_count) { - header->snap_names_len = le64_to_cpu(ondisk->snap_names_len); - BUG_ON(header->snap_names_len > (u64) SIZE_MAX); - header->snap_names = kmalloc(header->snap_names_len, - GFP_KERNEL); + u64 snap_names_len = le64_to_cpu(ondisk->snap_names_len); + + if (snap_names_len > (u64) SIZE_MAX) + return -EIO; + header->snap_names = kmalloc(snap_names_len, GFP_KERNEL); if (!header->snap_names) goto out_err; + /* + * Note that rbd_dev_v1_header_read() guarantees + * the ondisk buffer we're working with has + * snap_names_len bytes beyond the end of the + * snapshot id array, this memcpy() is safe. + */ + memcpy(header->snap_names, &ondisk->snaps[snap_count], + snap_names_len); size = snap_count * sizeof (*header->snap_sizes); header->snap_sizes = kmalloc(size, GFP_KERNEL); @@ -547,7 +555,6 @@ static int rbd_header_from_disk(struct r goto out_err; } else { WARN_ON(ondisk->snap_names_len); - header->snap_names_len = 0; header->snap_names = NULL; header->snap_sizes = NULL; } @@ -579,10 +586,6 @@ static int rbd_header_from_disk(struct r header->snap_sizes[i] = le64_to_cpu(ondisk->snaps[i].image_size); } - - /* copy snapshot names */ - memcpy(header->snap_names, &ondisk->snaps[snap_count], - header->snap_names_len); } return 0; @@ -592,7 +595,6 @@ out_err: header->snap_sizes = NULL; kfree(header->snap_names); header->snap_names = NULL; - header->snap_names_len = 0; kfree(header->object_prefix); header->object_prefix = NULL; @@ -660,7 +662,6 @@ static void rbd_header_free(struct rbd_i header->snap_sizes = NULL; kfree(header->snap_names); header->snap_names = NULL; - header->snap_names_len = 0; ceph_put_snap_context(header->snapc); header->snapc = NULL; } @@ -1800,7 +1801,6 @@ static int __rbd_refresh_header(struct r rbd_dev->header.total_snaps = h.total_snaps; rbd_dev->header.snapc = h.snapc; rbd_dev->header.snap_names = h.snap_names; - rbd_dev->header.snap_names_len = h.snap_names_len; rbd_dev->header.snap_sizes = h.snap_sizes; /* Free the extra copy of the object prefix */ WARN_ON(strcmp(rbd_dev->header.object_prefix, h.object_prefix));