Message ID | 20210906094301.GB10957@kili (mailing list archive) |
---|---|
State | New, archived |
Series | ceph: fix off by one bugs in unsafe_request_wait() |
On Mon, Sep 6, 2021 at 11:43 AM Dan Carpenter <dan.carpenter@oracle.com> wrote: > > The "> max" tests should be ">= max" to prevent an out of bounds access > on the next lines. > > Fixes: e1a4541ec0b9 ("ceph: flush the mdlog before waiting on unsafe reqs") > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > --- > fs/ceph/caps.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c > index 26c5029629a4..ebbad9080422 100644 > --- a/fs/ceph/caps.c > +++ b/fs/ceph/caps.c > @@ -2260,7 +2260,7 @@ static int unsafe_request_wait(struct inode *inode) > list_for_each_entry(req, &ci->i_unsafe_dirops, > r_unsafe_dir_item) { > s = req->r_session; > - if (unlikely(s->s_mds > max)) { > + if (unlikely(s->s_mds >= max)) { > spin_unlock(&ci->i_unsafe_lock); > goto retry; > } > @@ -2274,7 +2274,7 @@ static int unsafe_request_wait(struct inode *inode) > list_for_each_entry(req, &ci->i_unsafe_iops, > r_unsafe_target_item) { > s = req->r_session; > - if (unlikely(s->s_mds > max)) { > + if (unlikely(s->s_mds >= max)) { > spin_unlock(&ci->i_unsafe_lock); > goto retry; > } > -- > 2.20.1 > Applied. Thanks, Ilya
diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c index 26c5029629a4..ebbad9080422 100644 --- a/fs/ceph/caps.c +++ b/fs/ceph/caps.c @@ -2260,7 +2260,7 @@ static int unsafe_request_wait(struct inode *inode) list_for_each_entry(req, &ci->i_unsafe_dirops, r_unsafe_dir_item) { s = req->r_session; - if (unlikely(s->s_mds > max)) { + if (unlikely(s->s_mds >= max)) { spin_unlock(&ci->i_unsafe_lock); goto retry; } @@ -2274,7 +2274,7 @@ static int unsafe_request_wait(struct inode *inode) list_for_each_entry(req, &ci->i_unsafe_iops, r_unsafe_target_item) { s = req->r_session; - if (unlikely(s->s_mds > max)) { + if (unlikely(s->s_mds >= max)) { spin_unlock(&ci->i_unsafe_lock); goto retry; }
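Review bot: In the first hunk (the i_unsafe_dirops loop), the `goto retry` path is now also taken when s->s_mds == max, so it is worth confirming that the code at the retry label re-reads max to a value strictly greater than that session's s_mds; otherwise the same request would trip `s->s_mds >= max` again on every pass. The retry label is outside the visible context, so one sentence in the commit message on how max is refreshed would settle it.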
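Review bot: In the second hunk (the i_unsafe_iops loop), the check `if (unlikely(s->s_mds >= max))` is a verbatim copy of the one in the i_unsafe_dirops loop, and both sites carried the same off-by-one. Consider a one-line comment at each check stating that max is an exclusive bound (a count, not the highest valid s_mds), or a small helper shared by both loops, so the two sites cannot drift apart. The name max reads as an inclusive limit, which makes `> max` look correct at a glance.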
The "> max" tests should be ">= max" to prevent an out of bounds access on the next lines.

Fixes: e1a4541ec0b9 ("ceph: flush the mdlog before waiting on unsafe reqs")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
fs/ceph/caps.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)