libceph: fix osd request encoding regression

Message ID	20170724132802.7916-1-zyan@redhat.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <ceph-devel-owner@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com B8FB837EEF From: "Yan, Zheng" <zyan@redhat.com> To: ceph-devel@vger.kernel.org, idryomov@gmail.com Cc: "Yan, Zheng" <zyan@redhat.com> Subject: [PATCH] libceph: fix osd request encoding regression Date: Mon, 24 Jul 2017 21:28:02 +0800 Message-Id: <20170724132802.7916-1-zyan@redhat.com> Sender: ceph-devel-owner@vger.kernel.org Precedence: bulk

Message ID

20170724132802.7916-1-zyan@redhat.com (mailing list archive)

State

New, archived

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com B8FB837EEF
From: "Yan, Zheng" <zyan@redhat.com>
To: ceph-devel@vger.kernel.org, idryomov@gmail.com
Cc: "Yan, Zheng" <zyan@redhat.com>
Subject: [PATCH] libceph: fix osd request encoding regression
Date: Mon, 24 Jul 2017 21:28:02 +0800
Message-Id: <20170724132802.7916-1-zyan@redhat.com>
Sender: ceph-devel-owner@vger.kernel.org
Precedence: bulk

Commit Message

Yan, Zheng July 24, 2017, 1:28 p.m. UTC

The new BUG_ON in encode_request_partial() verifies that space used
by encoding request front is exactly equal to request message size.
This is wrong because request messages allocated from mempool always
have size PAGE_SIZE.

Signed-off-by: "Yan, Zheng" <zyan@redhat.com>
---
 net/ceph/osd_client.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/net/ceph/osd_client.c b/net/ceph/osd_client.c
index 5c9d696..81f6199 100644
--- a/net/ceph/osd_client.c
+++ b/net/ceph/osd_client.c
@@ -1913,10 +1913,11 @@  static void encode_request_partial(struct ceph_osd_request *req,
 	}
 
 	ceph_encode_32(&p, req->r_attempts); /* retry_attempt */
-	BUG_ON(p != end - 8); /* space for features */
+	BUG_ON(p + 8 > end); /* space for features */
 
 	msg->hdr.version = cpu_to_le16(8); /* MOSDOp v8 */
-	/* front_len is finalized in encode_request_finish() */
+	msg->front.iov_len = p + 8 - msg->front.iov_base;
+	msg->hdr.front_len = cpu_to_le32(msg->front.iov_len);
 	msg->hdr.data_len = cpu_to_le32(data_len);
 	/*
 	 * The header "data_off" is a hint to the receiver allowing it
@@ -1932,7 +1933,7 @@  static void encode_request_partial(struct ceph_osd_request *req,
 static void encode_request_finish(struct ceph_msg *msg)
 {
 	void *p = msg->front.iov_base;
-	void *const end = p + msg->front_alloc_len;
+	void *const end = p + msg->front.iov_len;
 
 	if (CEPH_HAVE_FEATURE(msg->con->peer_features, RESEND_ON_SPLIT)) {
 		/* luminous OSD -- encode features and be done */
@@ -2008,11 +2009,11 @@  static void encode_request_finish(struct ceph_msg *msg)
 		p += tail_len;
 
 		msg->hdr.version = cpu_to_le16(4); /* MOSDOp v4 */
-	}
 
-	BUG_ON(p > end);
-	msg->front.iov_len = p - msg->front.iov_base;
-	msg->hdr.front_len = cpu_to_le32(msg->front.iov_len);
+		BUG_ON(p > end);
+		msg->front.iov_len = p - msg->front.iov_base;
+		msg->hdr.front_len = cpu_to_le32(msg->front.iov_len);
+	}
 
 	dout("%s msg %p tid %llu %u+%u+%u v%d\n", __func__, msg,
 	     le64_to_cpu(msg->hdr.tid), le32_to_cpu(msg->hdr.front_len),
@@ -3981,7 +3982,7 @@  static struct ceph_msg *create_backoff_message(
 		return NULL;
 
 	p = msg->front.iov_base;
-	end = p + msg->front_alloc_len;
+	end = p + msg->front.iov_len;
 
 	encode_spgid(&p, &backoff->spgid);
 	ceph_encode_32(&p, map_epoch);

libceph: fix osd request encoding regression

Commit Message

Patch