ceph: fix error paths for corrupt osdmap messages
Both osdmap_decode() and osdmap_apply_incremental() should never return
NULL.
Signed-off-by: Sage Weil <sage@newdream.net>
diff --git a/fs/ceph/osdmap.c b/fs/ceph/osdmap.c
index 8c8ffe5..a941630 100644
--- a/fs/ceph/osdmap.c
+++ b/fs/ceph/osdmap.c
@@ -200,6 +200,7 @@
size = sizeof(struct crush_bucket_straw);
break;
default:
+ err = -EINVAL;
goto bad;
}
BUG_ON(size == 0);
@@ -278,6 +279,7 @@
/* len */
ceph_decode_32_safe(p, end, yes, bad);
#if BITS_PER_LONG == 32
+ err = -EINVAL;
if (yes > ULONG_MAX / sizeof(struct crush_rule_step))
goto bad;
#endif
@@ -489,11 +491,10 @@
ceph_decode_copy(p, &pgid, sizeof(pgid));
n = ceph_decode_32(p);
ceph_decode_need(p, end, n * sizeof(u32), bad);
+ err = -ENOMEM;
pg = kmalloc(sizeof(*pg) + n*sizeof(u32), GFP_NOFS);
- if (!pg) {
- err = -ENOMEM;
+ if (!pg)
goto bad;
- }
pg->pgid = pgid;
pg->len = n;
for (j = 0; j < n; j++)
@@ -564,8 +565,7 @@
if (len > 0) {
dout("apply_incremental full map len %d, %p to %p\n",
len, *p, end);
- newmap = osdmap_decode(p, min(*p+len, end));
- return newmap; /* error or not */
+ return osdmap_decode(p, min(*p+len, end));
}
/* new crush? */
@@ -809,6 +809,7 @@
struct ceph_pg_pool_info *pool;
unsigned ps;
+ BUG_ON(!osdmap);
if (poolid >= osdmap->num_pools)
return -EIO;