ceph: fix three bugs, two in ceph_vxattrcb_file_layout()
authorAlex Elder <elder@dreamhost.com>
Thu, 8 Mar 2012 22:50:09 +0000 (16:50 -0600)
committerAlex Elder <elder@dreamhost.com>
Thu, 22 Mar 2012 15:47:52 +0000 (10:47 -0500)
In ceph_vxattrcb_file_layout(), there is a check to determine
whether a preferred PG should be formatted into the output buffer.
That check assumes that a preferred PG number of 0 indicates "no
preference," but that is wrong.  No preference is indicated by a
negative (specifically, -1) PG number.

In addition, if that condition yields true, the preferred value
is formatted into a sized buffer, but the size consumed by the
earlier snprintf() call is not accounted for, opening up the
possibilty of a buffer overrun.

Finally, in ceph_vxattrcb_dir_rctime() where the nanoseconds part of
the time displayed did not include leading 0's, which led to
erroneous (sub-second portion of) time values being shown.

This fixes these three issues:
    http://tracker.newdream.net/issues/2155
    http://tracker.newdream.net/issues/2156
    http://tracker.newdream.net/issues/2157

Signed-off-by: Alex Elder <elder@dreamhost.com>
Reviewed-by: Sage Weil <sage@newdream.net>
fs/ceph/xattr.c

index 8294f461ecd1f3ee6e867bbf5191277f95111a16..35b86331d8a5ce84c311e9eb2730757f80149179 100644 (file)
@@ -79,7 +79,7 @@ static size_t ceph_vxattrcb_dir_rbytes(struct ceph_inode_info *ci, char *val,
 static size_t ceph_vxattrcb_dir_rctime(struct ceph_inode_info *ci, char *val,
                                       size_t size)
 {
-       return snprintf(val, size, "%ld.%ld", (long)ci->i_rctime.tv_sec,
+       return snprintf(val, size, "%ld.09%ld", (long)ci->i_rctime.tv_sec,
                        (long)ci->i_rctime.tv_nsec);
 }
 
@@ -118,10 +118,15 @@ static size_t ceph_vxattrcb_file_layout(struct ceph_inode_info *ci, char *val,
                (unsigned long long)ceph_file_layout_su(ci->i_layout),
                (unsigned long long)ceph_file_layout_stripe_count(ci->i_layout),
                (unsigned long long)ceph_file_layout_object_size(ci->i_layout));
-       if (ceph_file_layout_pg_preferred(ci->i_layout))
-               ret += snprintf(val + ret, size, "preferred_osd=%lld\n",
+
+       if (ceph_file_layout_pg_preferred(ci->i_layout) >= 0) {
+               val += ret;
+               size -= ret;
+               ret += snprintf(val, size, "preferred_osd=%lld\n",
                            (unsigned long long)ceph_file_layout_pg_preferred(
                                    ci->i_layout));
+       }
+
        return ret;
 }