3.16.80-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Jeff Layton jlayton@kernel.org
commit 1d3f87233e26362fc3d4e59f0f31a71b570f90b9 upstream.
In the future, we're going to want to extend the ceph_reply_info_extra for create replies. Currently though, the kernel code doesn't accept an extra blob that is larger than the expected data.
Change the code to skip over any unrecognized fields at the end of the extra blob, rather than returning -EIO.
Signed-off-by: Jeff Layton jlayton@kernel.org Signed-off-by: Ilya Dryomov idryomov@gmail.com [bwh: Backported to 3.16: adjust context] Signed-off-by: Ben Hutchings ben@decadent.org.uk --- fs/ceph/mds_client.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-)
--- a/fs/ceph/mds_client.c +++ b/fs/ceph/mds_client.c @@ -199,8 +199,8 @@ static int parse_reply_info_dir(void **p }
done: - if (*p != end) - goto bad; + /* Skip over any unrecognized fields */ + *p = end; return 0;
bad: @@ -221,12 +221,10 @@ static int parse_reply_info_filelock(voi goto bad;
info->filelock_reply = *p; - *p += sizeof(*info->filelock_reply);
- if (unlikely(*p != end)) - goto bad; + /* Skip over any unrecognized fields */ + *p = end; return 0; - bad: return -EIO; } @@ -239,18 +237,21 @@ static int parse_reply_info_create(void u64 features) { if (features & CEPH_FEATURE_REPLY_CREATE_INODE) { + /* Malformed reply? */ if (*p == end) { info->has_create_ino = false; } else { info->has_create_ino = true; - info->ino = ceph_decode_64(p); + ceph_decode_64_safe(p, end, info->ino, bad); } + } else { + if (*p != end) + goto bad; }
- if (unlikely(*p != end)) - goto bad; + /* Skip over any unrecognized fields */ + *p = end; return 0; - bad: return -EIO; }