From patchwork Sun Mar 31 04:59:47 2013
X-Patchwork-Submitter: Alex Elder
X-Patchwork-Id: 2368261
Message-ID: <5157C2C3.8070801@inktank.com>
Date: Sat, 30 Mar 2013 23:59:47 -0500
From: Alex Elder
To: "ceph-devel@vger.kernel.org"
Subject: [PATCH] libceph: account for alignment in pages cursor

When a cursor for a page array data message is initialized it needs
to determine the initial value for cursor->last_piece. Currently it
just checks if length is less than a page, but that's not correct.
The data in the first page in the array will be offset by a page
offset based on the alignment recorded for the data. (All pages
thereafter will be aligned at the base of the page, so there's no
need to account for this except for the first page.)

Because this was wrong, there was a case where the length of a piece
would be calculated as all of the residual bytes in the message and
that plus the page offset could exceed the length of a page.

So fix this case. Make sure the sum won't wrap.

This resolves a third issue described in:
    http://tracker.ceph.com/issues/4598

Signed-off-by: Alex Elder
Reviewed-by: Sage Weil
---
 net/ceph/messenger.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

static struct page *ceph_msg_data_pages_next(struct ceph_msg_data *data, diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c index 198b902..ee16086 100644 --- a/net/ceph/messenger.c +++ b/net/ceph/messenger.c 
@@ -839,9 +839,10 @@ static void ceph_msg_data_pages_cursor_init(struct ceph_msg_data *data, page_count = calc_pages_for(data->alignment, (u64)data->length); cursor->page_offset = data->alignment & ~PAGE_MASK; cursor->page_index = 0; - BUG_ON(page_count > (int) USHRT_MAX); - cursor->page_count = (unsigned short) page_count; - cursor->last_piece = length <= PAGE_SIZE; + BUG_ON(page_count > (int)USHRT_MAX); + cursor->page_count = (unsigned short)page_count; + BUG_ON(length > SIZE_MAX - cursor->page_offset); + cursor->last_piece = (size_t)cursor->page_offset + length <= PAGE_SIZE; }
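
Review bot: The new BUG_ON(length > SIZE_MAX - cursor->page_offset) in ceph_msg_data_pages_cursor_init() adds a kernel panic path that the comparison does not need. cursor->page_offset was just set to data->alignment & ~PAGE_MASK, so it is always smaller than PAGE_SIZE, and the test can be written as cursor->last_piece = length <= PAGE_SIZE - cursor->page_offset; that form cannot wrap, so both the BUG_ON and the (size_t) cast could be dropped. The cast-spacing changes on the two page_count lines are unrelated to the fix and would be easier to review as a separate cleanup. A short comment on the last_piece line saying that only the first page carries the alignment offset would also help the next reader.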