Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/net/ceph
History
Ilya Dryomov cdbc9836c7 libceph: fix invalid accesses to ceph_connection_v1_info 
There is a place where generic code in messenger.c is reading and
another place where it is writing to con->v1 union member without
checking that the union member is active (i.e. msgr1 is in use).

On 64-bit systems, con->v1.auth_retry overlaps with con->v2.out_iter,
so such a read is almost guaranteed to return a bogus value instead of
0 when msgr2 is in use.  This ends up being fairly benign because the
side effect is just the invalidation of the authorizer and successive
fetching of new tickets.

con->v1.connect_seq overlaps with con->v2.conn_bufs and the fact that
it's being written to can cause more serious consequences, but luckily
it's not something that happens often.

Cc: stable@vger.kernel.org
Fixes: cd1a677cad ("libceph, ceph: implement msgr2.1 protocol (crc and secure modes)")
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Viacheslav Dubeyko <Slava.Dubeyko@ibm.com>
 		2025-09-10 21:22:56 +02:00
..
crush libceph: fix crush_choose_firstn() kernel-doc warnings 2024-07-11 16:33:07 +02:00
Kconfig lib/crc: remove CONFIG_LIBCRC32C 2025-04-04 11:31:42 -07:00
Makefile libceph, ceph: implement msgr2.1 protocol (crc and secure modes) 2020-12-14 23:21:50 +01:00
armor.c
auth.c libceph: remove unnecessary ret variable in ceph_auth_init() 2021-06-28 23:49:25 +02:00
auth_none.c libceph: kill ceph_none_authorizer::reply_buf 2021-06-28 23:49:25 +02:00
auth_none.h libceph: kill ceph_none_authorizer::reply_buf 2021-06-28 23:49:25 +02:00
auth_x.c libceph: set global_id as soon as we get an auth ticket 2021-06-24 21:03:17 +02:00
auth_x.h
auth_x_protocol.h libceph: fix some spelling mistakes 2021-06-28 23:49:25 +02:00
buffer.c mm: allow !GFP_KERNEL allocations for kvmalloc 2022-01-15 16:30:29 +02:00
ceph_common.c libceph: optionally use bounce buffer on recv path in crc mode 2022-02-02 18:50:36 +01:00
ceph_hash.c
ceph_strings.c libceph: introduce connection modes and ms_mode option 2020-12-14 23:21:50 +01:00
cls_lock_client.c libceph: fix doc warnings in cls_lock_client.c 2021-06-28 23:49:25 +02:00
crypto.c libceph: Remove unused ceph_crypto_key_encode 2024-11-18 17:34:35 +01:00
crypto.h libceph: Remove unused ceph_crypto_key_encode 2024-11-18 17:34:35 +01:00
debugfs.c
decode.c libceph: allow addrvecs with a single NONE/blank address 2021-05-04 16:06:15 +02:00
messenger.c libceph: fix invalid accesses to ceph_connection_v1_info 2025-09-10 21:22:56 +02:00
messenger_v1.c libceph: just wait for more data to be available on the socket 2024-02-07 14:43:29 +01:00
messenger_v2.c libceph: Rename hmac_sha256() to ceph_hmac_sha256() 2025-07-04 10:18:52 -07:00
mon_client.c libceph: fix race between delayed_work() and ceph_monc_stop() 2024-07-10 10:11:55 +02:00
msgpool.c
osd_client.c ceph: Remove osd_client deadcode 2025-04-03 21:35:32 +02:00
osdmap.c libceph: print fsid and epoch with osd id 2022-08-03 00:54:12 +02:00
pagelist.c libceph: Remove unused ceph_pagelist functions 2024-11-18 17:34:35 +01:00
pagevec.c libceph: Remove unused pagevec functions 2024-11-18 17:34:35 +01:00
snapshot.c
string_table.c
striper.c