kernel/linux.git/net/ceph/osdmap.c, branch v6.6.131Linux kernel stable tree (mirror)https://git.radix-linux.su/kernel/linux.git/atom?h=v6.6.1312026-01-17T15:29:53+00:00libceph: make free_choose_arg_map() resilient to partial allocation2026-01-17T15:29:53+00:00Tuo Liislituo@gmail.com2025-12-20T18:11:49+00:00urn:sha1:8081faaf089db5280c3be820948469f7c58ef8dd
commit e3fe30e57649c551757a02e1cad073c47e1e075e upstream.
free_choose_arg_map() may dereference a NULL pointer if its caller fails
after a partial allocation.
For example, in decode_choose_args(), if allocation of arg_map->args
fails, execution jumps to the fail label and free_choose_arg_map() is
called. Since arg_map->size is updated to a non-zero value before memory
allocation, free_choose_arg_map() will iterate over arg_map->args and
dereference a NULL pointer.
To prevent this potential NULL pointer dereference and make
free_choose_arg_map() more resilient, add checks for pointers before
iterating.
Cc: stable@vger.kernel.org
Co-authored-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Tuo Li <islituo@gmail.com>
Reviewed-by: Viacheslav Dubeyko <Slava.Dubeyko@ibm.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
libceph: replace overzealous BUG_ON in osdmap_apply_incremental()2026-01-17T15:29:53+00:00Ilya Dryomovidryomov@gmail.com2025-12-15T10:53:31+00:00urn:sha1:d3613770e2677683e65d062da5e31f48c409abe9
commit e00c3f71b5cf75681dbd74ee3f982a99cb690c2b upstream.
If the osdmap is (maliciously) corrupted such that the incremental
osdmap epoch is different from what is expected, there is no need to
BUG. Instead, just declare the incremental osdmap to be invalid.
Cc: stable@vger.kernel.org
Reported-by: ziming zhang <ezrakiez@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
libceph: make decode_pool() more resilient against corrupted osdmaps2026-01-11T14:22:00+00:00Ilya Dryomovidryomov@gmail.com2025-12-02T09:32:31+00:00urn:sha1:e927ab132b87ba3f076705fc2684d94b24201ed1
commit 8c738512714e8c0aa18f8a10c072d5b01c83db39 upstream.
If the osdmap is (maliciously) corrupted such that the encoded length
of ceph_pg_pool envelope is less than what is expected for a particular
encoding version, out-of-bounds reads may ensue because the only bounds
check that is there is based on that length value.
This patch adds explicit bounds checks for each field that is decoded
or skipped.
Cc: stable@vger.kernel.org
Reported-by: ziming zhang <ezrakiez@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Xiubo Li <xiubli@redhat.com>
Tested-by: ziming zhang <ezrakiez@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
libceph: replace BUG_ON with bounds check for map->max_osd2025-12-06T21:18:53+00:00ziming zhangezrakiez@gmail.com2025-11-17T10:07:41+00:00urn:sha1:becc488a4d864db338ebd4e313aa3c77da24b604
commit ec3797f043756a94ea2d0f106022e14ac4946c02 upstream.
OSD indexes come from untrusted network packets. Boundary checks are
added to validate these against map->max_osd.
[ idryomov: drop BUG_ON in ceph_get_primary_affinity(), minor cosmetic
edits ]
Cc: stable@vger.kernel.org
Signed-off-by: ziming zhang <ezrakiez@gmail.com>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
libceph: print fsid and epoch with osd id2022-08-02T22:54:12+00:00Daichi Mukaidaichi-mukai@cybozu.co.jp2022-06-14T11:22:36+00:00urn:sha1:842d6b019b180f5b78d71aa445ee3c724e34d462
Print fsid and epoch in libceph log messages to distinct from which
each message come.
[ idryomov: don't bother with gid for now, print epoch instead ]
Signed-off-by: Satoru Takeuchi <satoru.takeuchi@gmail.com>
Signed-off-by: Daichi Mukai <daichi-mukai@cybozu.co.jp>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
libceph: check pointer before assigned to "c->rules[]"2022-08-02T22:54:12+00:00Li Qiongliqiong@nfschina.com2022-06-14T07:10:59+00:00urn:sha1:fc54cb8d876ae7b2d1bd0cf8a4d0b96a76318a91
It should be better to check pointer firstly, then assign it
to c->rules[]. Refine code a little bit.
Signed-off-by: Li Qiong <liqiong@nfschina.com>
Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
mm: allow !GFP_KERNEL allocations for kvmalloc2022-01-15T14:30:29+00:00Michal Hockomhocko@suse.com2022-01-14T22:07:07+00:00urn:sha1:a421ef303008b0ceee2cfc625c3246fa7654b0ca
Support for GFP_NO{FS,IO} and __GFP_NOFAIL has been implemented by
previous patches so we can allow the support for kvmalloc. This will
allow some external users to simplify or completely remove their
helpers.
GFP_NOWAIT semantic hasn't been supported so far but it hasn't been
explicitly documented so let's add a note about that.
ceph_kvmalloc is the first helper to be dropped and changed to kvmalloc.
Link: https://lkml.kernel.org/r/20211122153233.9924-5-mhocko@kernel.org
Signed-off-by: Michal Hocko <mhocko@suse.com>
Reviewed-by: Uladzislau Rezki (Sony) <urezki@gmail.com>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Dave Chinner <david@fromorbit.com>
Cc: Ilya Dryomov <idryomov@gmail.com>
Cc: Jeff Layton <jlayton@kernel.org>
Cc: Neil Brown <neilb@suse.de>
Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
libceph: Fix spelling mistakes2021-06-03T20:24:23+00:00Zheng Yongjunzhengyongjun3@huawei.com2021-06-02T06:56:35+00:00urn:sha1:dd0d91b9139899ba2546290ab282767600e0f358
Fix some spelling mistakes in comments:
enconding ==> encoding
ambigous ==> ambiguous
orignal ==> original
encyption ==> encryption
Signed-off-by: Zheng Yongjun <zhengyongjun3@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net: ceph: Fix a typo in osdmap.c2021-03-26T00:05:07+00:00Lu Weiluwei32@huawei.com2021-03-25T06:38:21+00:00urn:sha1:3f9143f10c3d5055093b18fd3eaa8fc6d1b460f5
Modify "inital" to "initial" in net/ceph/osdmap.c.
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Lu Wei <luwei32@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
libceph, ceph: get and handle cluster maps with addrvecs2020-12-14T22:21:50+00:00Ilya Dryomovidryomov@gmail.com2020-10-30T12:30:51+00:00urn:sha1:a5cbd5fc22d5043a8a76e15d75d031fe24d1f69c
In preparation for msgr2, make the cluster send us maps with addrvecs
including both LEGACY and MSGR2 addrs instead of a single LEGACY addr.
This means advertising support for SERVER_NAUTILUS and also some older
features: SERVER_MIMIC, MONENC and MONNAMES.
MONNAMES and MONENC are actually pre-argonaut, we just never updated
ceph_monmap_decode() for them. Decoding is unconditional, see commit
23c625ce3065 ("libceph: assume argonaut on the server side").
SERVER_MIMIC doesn't bear any meaning for the kernel client.
Since ceph_decode_entity_addrvec() is guarded by encoding version
checks (and in msgr2 case it is guarded implicitly by the fact that
server is speaking msgr2), we assume MSG_ADDR2 for it.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>