• Mikulas Patocka's avatar
    dm: fix truncated status strings · d8b8a43e
    Mikulas Patocka authored
    commit fd7c092e upstream.
    
    Avoid returning a truncated table or status string instead of setting
    the DM_BUFFER_FULL_FLAG when the last target of a table fills the
    buffer.
    
    When processing a table or status request, the function retrieve_status
    calls ti->type->status. If ti->type->status returns non-zero,
    retrieve_status assumes that the buffer overflowed and sets
    DM_BUFFER_FULL_FLAG.
    
    However, targets don't return non-zero values from their status method
    on overflow. Most targets returns always zero.
    
    If a buffer overflow happens in a target that is not the last in the
    table, it gets noticed during the next iteration of the loop in
    retrieve_status; but if a buffer overflow happens in the last target, it
    goes unnoticed and erroneously truncated data is returned.
    
    In the current code, the targets behave in the following way:
    * dm-crypt returns -ENOMEM if there is not enough space to store the
      key, but it returns 0 on all other overflows.
    * dm-thin returns errors from the status method if a disk error happened.
      This is incorrect because retrieve_status doesn't check the error
      code, it assumes that all non-zero values mean buffer overflow.
    * all the other targets always return 0.
    
    This patch changes the ti->type->status function to return void (because
    most targets don't use the return code). Overflow is detected in
    retrieve_status: if the status method fills up the remaining space
    completely, it is assumed that buffer overflow happened.
    Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
    Signed-off-by: default avatarAlasdair G Kergon <agk@redhat.com>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    d8b8a43e
dm-mpath.c 39.4 KB