git-server-git.apps.pok.os.sepia.ceph.com Git

author	Jonas Pfefferle <pepperjo@japf.ch>
	Wed, 9 Mar 2022 13:26:42 +0000 (14:26 +0100)
committer	Ilya Dryomov <idryomov@gmail.com>
	Tue, 22 Mar 2022 12:39:09 +0000 (13:39 +0100)
commit	4a0a0562b3fded8d4e1f4b3d698cbf6263d02aa4
tree	271a285b4cc6b38fe8b467fb0c33297e8f3eab2c	tree \| snapshot
parent	179a7bca8a84771b0dde09e26f7a2146a985df90	commit \| diff

librbd: readv/writev fix iovecs length computation overflow

iovec have unsigned length (size_t) and before this patch the
total length was computed by adding iovec's length to a signed
length variable (ssize_t). While the code checked if the resulting
length was negative on overflow, the case where length is positive
after overflow was not checked. This patch fixes the overflow check
by changing length to unsigned size_t.

Additionally, this patch fixes the case where some iovecs have been
added to the bufferlist and the aio completion has been blocked, but
adding an additional iovec fails because of overflow. This leads to
the UserBufferDeleter trying to unblock the completion on destruction
of the bufferlist but asserting because the completion was never
armed. We avoid this by first computing the total length and checking
for overflows and iovcnt before adding them to the bufferlist.

Signed-off-by: Jonas Pfefferle <pepperjo@japf.ch>
(cherry picked from commit e50405ef857f487bc1c104bbf3e8859ea099a0c4)

src/librbd/librbd.cc		diff \| blob \| history
src/test/librbd/test_librbd.cc		diff \| blob \| history