From patchwork Mon Aug 5 04:04:30 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nathaniel Yazdani X-Patchwork-Id: 2838519 Received: from [192.168.0.7] 
(75-164-175-64.ptld.qwest.net. [75.164.175.64]) by mx.google.com with ESMTPSA id ys4sm21298656pbb.9.2013.08.04.21.05.09 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 04 Aug 2013 21:05:10 -0700 (PDT) Message-ID: <1375675470.19205.2.camel@lizardlounge> Subject: [PATCH] ceph: fix null pointer dereference From: Nathaniel Yazdani To: sage@inktank.com Cc: ceph-devel@vger.kernel.org, linux-kernel@vger.kernel.org Date: Sun, 04 Aug 2013 21:04:30 -0700 X-Mailer: Evolution 3.6.4 Mime-Version: 1.0 Sender: ceph-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: ceph-devel@vger.kernel.org X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP When register_session() is given an out-of-range argument for mds, ceph_mdsmap_get_addr() will return a null pointer, which would be given to ceph_con_open() & be dereferenced, causing a kernel oops. This fixes bug #4685 in the Ceph bug tracker . Signed-off-by: Nathaniel Yazdani --- -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c index 187bf21..ddff072 100644 --- a/fs/ceph/mds_client.c +++ b/fs/ceph/mds_client.c @@ -414,6 +414,9 @@ static struct ceph_mds_session *register_session(struct ceph_mds_client *mdsc, { struct ceph_mds_session *s; + if (mds >= mdsc->mdsmap->m_max_mds) + return ERR_PTR(-EINVAL); + s = kzalloc(sizeof(*s), GFP_NOFS); if (!s) return ERR_PTR(-ENOMEM);
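Review bot: the new guard at the top of register_session() tests only the upper bound, `mds >= mdsc->mdsmap->m_max_mds`, and the declaration of `mds` is cut off in the hunk header, so its signedness cannot be confirmed from these lines. If `mds` is a signed type, a negative value passes this check and is still used as an index further down; consider `if (mds < 0 || mds >= mdsc->mdsmap->m_max_mds)`, or note in the commit message that the parameter cannot be negative. Placing the check before kzalloc() is the right spot, since the early return needs no cleanup, and ERR_PTR(-EINVAL) matches the ERR_PTR(-ENOMEM) convention on the lines that follow. A short comment stating that this bound is the condition under which ceph_mdsmap_get_addr() returns NULL (as the commit message explains) would help keep the two checks in sync if either changes.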