From patchwork Sat Aug 18 15:56:38 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Dan Carpenter <dan.carpenter@oracle.com>
X-Patchwork-Id: 1341001
Return-Path: <ceph-devel-owner@vger.kernel.org>
X-Original-To: patchwork-ceph-devel@patchwork.kernel.org
Delivered-To: patchwork-process-083081@patchwork2.kernel.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by patchwork2.kernel.org (Postfix) with ESMTP id 6705ADF266
	for <patchwork-ceph-devel@patchwork.kernel.org>;
	Sat, 18 Aug 2012 15:56:52 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1755918Ab2HRP4q (ORCPT
	<rfc822;patchwork-ceph-devel@patchwork.kernel.org>);
	Sat, 18 Aug 2012 11:56:46 -0400
Received: from acsinet15.oracle.com ([141.146.126.227]:46470 "EHLO
	acsinet15.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751669Ab2HRP4p (ORCPT
	<rfc822; ceph-devel@vger.kernel.org>); Sat, 18 Aug 2012 11:56:45 -0400
Received: from ucsinet22.oracle.com (ucsinet22.oracle.com [156.151.31.94])
	by acsinet15.oracle.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with
	ESMTP id q7IFufCg001733
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Sat, 18 Aug 2012 15:56:42 GMT
Received: from acsmt356.oracle.com (acsmt356.oracle.com [141.146.40.156])
	by ucsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id
	q7IFueCt022982
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Sat, 18 Aug 2012 15:56:41 GMT
Received: from abhmt120.oracle.com (abhmt120.oracle.com [141.146.116.72])
	by acsmt356.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id
	q7IFudWA032368; Sat, 18 Aug 2012 10:56:39 -0500
Received: from elgon.mountain (/41.212.103.53)
	by default (Oracle Beehive Gateway v4.0)
	with ESMTP ; Sat, 18 Aug 2012 08:56:39 -0700
Date: Sat, 18 Aug 2012 18:56:38 +0300
From: Dan Carpenter <dan.carpenter@oracle.com>
To: Sage Weil <sage@inktank.com>
Cc: ceph-devel@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: [patch] ceph: divide by zero bug in __validate_layout()
Message-ID: <20120818155638.GC22424@elgon.mountain>
MIME-Version: 1.0
Content-Disposition: inline
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Source-IP: ucsinet22.oracle.com [156.151.31.94]
Sender: ceph-devel-owner@vger.kernel.org
Precedence: bulk
List-ID: <ceph-devel.vger.kernel.org>
X-Mailing-List: ceph-devel@vger.kernel.org

If "l->stripe_unit" is zero the the mod on the next line will cause a
divide by zero bug.  This comes from the copy_from_user() in
ceph_ioctl_set_layout_policy()

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/fs/ceph/ioctl.c b/fs/ceph/ioctl.c
index 8e3fb69..81ec22b 100644
--- a/fs/ceph/ioctl.c
+++ b/fs/ceph/ioctl.c
@@ -42,6 +42,7 @@ static long __validate_layout(struct ceph_mds_client *mdsc,
 	/* validate striping parameters */
 	if ((l->object_size & ~PAGE_MASK) ||
 	    (l->stripe_unit & ~PAGE_MASK) ||
+	    (l->stripe_unit == 0) ||
 	    ((unsigned)l->object_size % (unsigned)l->stripe_unit))
 		return -EINVAL;