
Commit 6614933

committed
client: check for bad file handle in low level I/O APIs
and guard the `if (!mref_reader.is_state_satisfied())` stmt with braces. Fixes: https://tracker.ceph.com/issues/64313 Signed-off-by: Dhairya Parmar <[email protected]>
1 parent 5099c4e commit 6614933


1 file changed

+31
-7
lines changed


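--- a/src/client/Client.cc
+++ b/src/client/Client.cc
@@ -15758,8 +15758,14 @@ loff_t Client::ll_lseek(Fh *fh, loff_t offset, int whence)
 int Client::ll_read(Fh *fh, loff_t off, loff_t len, bufferlist *bl)
 {
 RWRef_t mref_reader(mount_state, CLIENT_MOUNTING);
-if (!mref_reader.is_state_satisfied())
+if (!mref_reader.is_state_satisfied()) {
 return -CEPHFS_ENOTCONN;
+}
+
+if (fh == NULL || !_ll_fh_exists(fh)) {
+ldout(cct, 3) << "(fh)" << fh << " is invalid" << dendl;
+return -CEPHFS_EBADF;
+}
 
 ldout(cct, 3) << "ll_read " << fh << " " << fh->inode->ino << " " << " " << off << "~" << len << dendl;
 tout(cct) << "ll_read" << std::endl;
@@ -15896,17 +15902,23 @@ int Client::ll_commit_blocks(Inode *in,
 
 int Client::ll_write(Fh *fh, loff_t off, loff_t len, const char *data)
 {
+RWRef_t mref_reader(mount_state, CLIENT_MOUNTING);
+if (!mref_reader.is_state_satisfied()) {
+return -CEPHFS_ENOTCONN;
+}
+
+if (fh == NULL || !_ll_fh_exists(fh)) {
+ldout(cct, 3) << "(fh)" << fh << " is invalid" << dendl;
+return -CEPHFS_EBADF;
+}
+
 ldout(cct, 3) << "ll_write " << fh << " " << fh->inode->ino << " " << off <<
 "~" << len << dendl;
 tout(cct) << "ll_write" << std::endl;
 tout(cct) << (uintptr_t)fh << std::endl;
 tout(cct) << off << std::endl;
 tout(cct) << len << std::endl;
 
-RWRef_t mref_reader(mount_state, CLIENT_MOUNTING);
-if (!mref_reader.is_state_satisfied())
-return -CEPHFS_ENOTCONN;
-
 /* We can't return bytes written larger than INT_MAX, clamp len to that */
 len = std::min(len, (loff_t)INT_MAX);
 std::scoped_lock lock(client_lock);
@@ -15920,8 +15932,14 @@ int Client::ll_write(Fh *fh, loff_t off, loff_t len, const char *data)
 int64_t Client::ll_writev(struct Fh *fh, const struct iovec *iov, int iovcnt, int64_t off)
 {
 RWRef_t mref_reader(mount_state, CLIENT_MOUNTING);
-if (!mref_reader.is_state_satisfied())
+if (!mref_reader.is_state_satisfied()) {
 return -CEPHFS_ENOTCONN;
+}
+
+if (fh == NULL || !_ll_fh_exists(fh)) {
+ldout(cct, 3) << "(fh)" << fh << " is invalid" << dendl;
+return -CEPHFS_EBADF;
+}
 
 std::scoped_lock cl(client_lock);
 return _preadv_pwritev_locked(fh, iov, iovcnt, off, true, false);
@@ -15930,8 +15948,14 @@ int64_t Client::ll_writev(struct Fh *fh, const struct iovec *iov, int iovcnt, in
 int64_t Client::ll_readv(struct Fh *fh, const struct iovec *iov, int iovcnt, int64_t off)
 {
 RWRef_t mref_reader(mount_state, CLIENT_MOUNTING);
-if (!mref_reader.is_state_satisfied())
+if (!mref_reader.is_state_satisfied()) {
 return -CEPHFS_ENOTCONN;
+}
+
+if (fh == NULL || !_ll_fh_exists(fh)) {
+ldout(cct, 3) << "(fh)" << fh << " is invalid" << dendl;
+return -CEPHFS_EBADF;
+}
 
 std::scoped_lock cl(client_lock);
 return _preadv_pwritev_locked(fh, iov, iovcnt, off, false, false);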
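Review bot: The new handle check in ll_writev and ll_readv runs before `std::scoped_lock cl(client_lock);`, so a handle that passed `_ll_fh_exists(fh)` can be closed by another thread before `_preadv_pwritev_locked` uses it; the same ordering is visible in ll_write, where the lock is taken only after the check and after the `fh->inode->ino` log line. `_ll_fh_exists` is not shown on this page, but if it reads a handle set that is modified under client_lock, the unlocked lookup is also a data race. Taking the lock first, i.e. `std::scoped_lock cl(client_lock);` followed by `if (fh == NULL || !_ll_fh_exists(fh)) {`, would make the check and the use one atomic step. The four identical guards could also live in one private helper, and the bodies of ll_read and ll_write continue outside their hunks.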
