ceph: don't drop message if it contains more data than expected

Later version mds may encode more data into messages.

Signed-off-by: "Yan, Zheng" <zyan@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>

diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c
index 5b767cf..bc43c82 100644 (file)
--- a/fs/ceph/mds_client.c
+++ b/fs/ceph/mds_client.c
@@ -3406,10 +3406,10 @@ static void handle_lease(struct ceph_mds_client *mdsc,
        vino.ino = le64_to_cpu(h->ino);
        vino.snap = CEPH_NOSNAP;
        seq = le32_to_cpu(h->seq);
-       dname.name = (void *)h + sizeof(*h) + sizeof(u32);
-       dname.len = msg->front.iov_len - sizeof(*h) - sizeof(u32);
-       if (dname.len != get_unaligned_le32(h+1))
+       dname.len = get_unaligned_le32(h + 1);
+       if (msg->front.iov_len < sizeof(*h) + sizeof(u32) + dname.len)
                goto bad;
+       dname.name = (void *)(h + 1) + sizeof(u32);
 
        /* lookup inode */
        inode = ceph_find_inode(sb, vino);

diff --git a/fs/ceph/quota.c b/fs/ceph/quota.c
index 242bfa5..32d4f13 100644 (file)
--- a/fs/ceph/quota.c
+++ b/fs/ceph/quota.c
@@ -48,7 +48,7 @@ void ceph_handle_quota(struct ceph_mds_client *mdsc,
        struct inode *inode;
        struct ceph_inode_info *ci;
 
-       if (msg->front.iov_len != sizeof(*h)) {
+       if (msg->front.iov_len < sizeof(*h)) {
                pr_err("%s corrupt message mds%d len %d\n", __func__,
                       session->s_mds, (int)msg->front.iov_len);
                ceph_msg_dump(msg);