On Sat, Jun 23, 2018 at 2:55 PM Chengguang Xu <cgxu519@xxxxxxx> wrote: > > ceph_pagelist_encode_string() should only handle string which is not > longer than U32_MAX. However, the type size_t in 64bit environment > will be 64bit unsigned long. So add a BUG_ON check just for safety. > > Signed-off-by: Chengguang Xu <cgxu519@xxxxxxx> > --- > include/linux/ceph/pagelist.h | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/include/linux/ceph/pagelist.h b/include/linux/ceph/pagelist.h > index 7edcded07641..0120af5cd1d4 100644 > --- a/include/linux/ceph/pagelist.h > +++ b/include/linux/ceph/pagelist.h > @@ -70,7 +70,10 @@ static inline int ceph_pagelist_encode_8(struct ceph_pagelist *pl, u8 v) > static inline int ceph_pagelist_encode_string(struct ceph_pagelist *pl, > char *s, size_t len) > { > - int ret = ceph_pagelist_encode_32(pl, len); > + int ret; > + > + BUG_ON(len > U32_MAX); > + ret = ceph_pagelist_encode_32(pl, len); > if (ret) > return ret; > if (len) Why crash the kernel when you can easily return an error from ceph_pagelist_encode_string()? Thanks, Ilya
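Review bot: The BUG_ON(len > U32_MAX) added ahead of the ceph_pagelist_encode_32() call halts the kernel for a condition this function can report to its caller. ceph_pagelist_encode_string() already returns int and hands back ret when the 32-bit encode fails, so an over-long len can be rejected on the same path, for example with `if (len > U32_MAX) return -EINVAL;` placed before the encode call (the specific error code is a suggestion). That still prevents a 64-bit size_t from being written as a truncated 32-bit length prefix, which is the case the commit message describes, without turning an oversized length into a crash.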