kclient: don't allow to pass max file size

diff --git a/src/kernel/addr.c b/src/kernel/addr.c
index c32f14aff1d69d2f78ea64569f36f87e63a52587..3f6358e4866d63a26b910e00d643f801bdafed63 100644 (file)
--- a/src/kernel/addr.c
+++ b/src/kernel/addr.c
@@ -948,6 +948,13 @@ retry_locked:
 
        /* past end of file? */
        i_size = inode->i_size;   /* caller holds i_mutex */
+
+       if (i_size + len > CEPH_FILE_MAX_SIZE) {
+               /* file is too big */
+               r = -EINVAL;
+               goto fail;
+       }
+
        if (page_off >= i_size ||
            (pos_in_page == 0 && (pos+len) >= i_size &&
             end_in_page - pos_in_page != PAGE_CACHE_SIZE)) {

diff --git a/src/kernel/inode.c b/src/kernel/inode.c
index 73608bae4bfe23e9f8d9dbe1b1e5b4d99e68c06d..69d20acced7b942bed4cba763c6b687893878c4e 100644 (file)
--- a/src/kernel/inode.c
+++ b/src/kernel/inode.c
@@ -1425,6 +1425,10 @@ int ceph_setattr(struct dentry *dentry, struct iattr *attr)
        if (ia_valid & ATTR_SIZE) {
                dout(10, "setattr %p size %lld -> %lld\n", inode,
                     inode->i_size, attr->ia_size);
+               if (attr->ia_size > CEPH_FILE_MAX_SIZE) {
+                       err = -EINVAL;
+                       goto out;
+               }
                if ((issued & CEPH_CAP_FILE_EXCL) &&
                    attr->ia_size > inode->i_size) {
                        vmtruncate(inode, attr->ia_size);
@@ -1474,6 +1478,10 @@ int ceph_setattr(struct dentry *dentry, struct iattr *attr)
        ceph_mdsc_put_request(req);
        __ceph_do_pending_vmtruncate(inode);
        return err;
+out:
+       spin_unlock(&inode->i_lock);
+       ceph_mdsc_put_request(req);
+       return err;
 }
 
 /*