From 09974e3d70145343f10cccc8d12917814ccf2c8a Mon Sep 17 00:00:00 2001 From: Frank Zago Date: Sun, 12 Oct 2014 13:57:05 -0500 Subject: [PATCH] LU-5732 hsm: sanity check for progress input During an HSM archive or restore, the progress is reported by the copytool, in userspace. That value may be bogus. For instance, this will crash the MDS in interval_set(): he.offset = -1; he.length = 10; rc = llapi_hsm_action_progress(hcp, &he, length, 0); So check that userspace is giving a sane progress extent value. Signed-off-by: frank zago Change-Id: I0eb3fa9a66400a4ff3cee2f256c08e1d84744111 Reviewed-on: http://review.whamcloud.com/12285 Reviewed-by: John L. Hammond Tested-by: Jenkins Reviewed-by: James Nunez Reviewed-by: Henri Doreau Tested-by: Maloo Reviewed-by: Oleg Drokin --- lustre/mdt/mdt_hsm_cdt_requests.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/lustre/mdt/mdt_hsm_cdt_requests.c b/lustre/mdt/mdt_hsm_cdt_requests.c index 3125dcc..7430747 100644 --- a/lustre/mdt/mdt_hsm_cdt_requests.c +++ b/lustre/mdt/mdt_hsm_cdt_requests.c @@ -156,8 +156,13 @@ static int hsm_update_work(struct cdt_req_progress *crp, int rc, osz, nsz; struct interval_node **new_vv; struct interval_node *v, *node; + __u64 end; ENTRY; + end = extent->offset + extent->length; + if (end <= extent->offset) + RETURN(-EINVAL); + mutex_lock(&crp->crp_lock); /* new node index */ @@ -196,7 +201,7 @@ static int hsm_update_work(struct cdt_req_progress *crp, v = crp->crp_node[crp->crp_cnt / NODE_VECTOR_SZ]; node = &v[crp->crp_cnt % NODE_VECTOR_SZ]; - interval_set(node, extent->offset, extent->offset + extent->length); + interval_set(node, extent->offset, end); /* try to insert, if entry already exist ignore the new one * it can happen if ct sends 2 times the same progress */ if (interval_insert(node, &crp->crp_root) == NULL) @@ -205,7 +210,7 @@ static int hsm_update_work(struct cdt_req_progress *crp, rc = 0; out: mutex_unlock(&crp->crp_lock); - return rc; + RETURN(rc); } /** -- 1.8.3.1