authorSimon Rettberg2013-08-19 20:14:12 +0200
committerSimon Rettberg2013-08-19 20:14:12 +0200
commitf3a56fa66a956eca1a87dd6cb6018aeb72d4d370 (patch)
tree3de53fcd55e26350d4ffc6cf6d305ee692140ae8 /src/kernel
parent[SERVER] (Hopefully) fix starving uplink requests (diff)
[KERNEL] Check for invalid ioctls to prevent kernel panics :)
Diffstat (limited to 'src/kernel')
-rw-r--r--src/kernel/blk.c33
1 files changed, 21 insertions, 12 deletions
diff --git a/src/kernel/blk.c b/src/kernel/blk.c
index 72f354c..9cd4a76 100644
--- a/src/kernel/blk.c
+++ b/src/kernel/blk.c
@@ -107,12 +107,10 @@ int dnbd3_blk_ioctl(struct block_device *bdev, fmode_t mode, unsigned int cmd, u
dnbd3_ioctl_t *msg = NULL;
//unsigned long irqflags;
- printk("ioctl: A\n");
while (dev->disconnecting)
{
// do nothing
}
- printk("ioctl: B\n");
if (arg != 0)
{
@@ -158,6 +156,10 @@ int dnbd3_blk_ioctl(struct block_device *bdev, fmode_t mode, unsigned int cmd, u
{
result = -EINVAL;
}
+ else if (msg == NULL)
+ {
+ result = -EINVAL;
+ }
else
{
if (sizeof(msg->host) != sizeof(dev->cur_server.host))
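Review bot: The `msg == NULL` guard is repeated per branch (this one, `IOCTL_SWITCH`, and the add/remove-server branch further down), which leaves every other command that reads `msg` dependent on someone remembering to add it. `msg` starts as NULL and appears to be filled only when `arg != 0`, so a caller-supplied zero argument can reach all of those branches. One check ahead of the `switch` that sets `result = -EINVAL` for each command requiring a payload would fail closed for commands added later. The rest of `dnbd3_blk_ioctl` lies outside these hunks, so whether an unguarded dereference remains has to be confirmed against the full function. A short comment on the guard would also help: `/* msg is NULL when the caller passed arg == 0 */`.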
@@ -198,7 +200,11 @@ int dnbd3_blk_ioctl(struct block_device *bdev, fmode_t mode, unsigned int cmd, u
break;
case IOCTL_SWITCH:
- if (memcmp(&dev->cur_server.host, &msg->host, sizeof(msg->host)))
+ if (msg == NULL)
+ {
+ result = -EINVAL;
+ }
+ else if (memcmp(&dev->cur_server.host, &msg->host, sizeof(msg->host)))
{
dnbd3_net_disconnect(dev);
dev->cur_server.host = msg->host;
@@ -214,17 +220,20 @@ int dnbd3_blk_ioctl(struct block_device *bdev, fmode_t mode, unsigned int cmd, u
{
result = -ENOENT;
}
+ else if (dev->new_servers_num >= NUMBER_SERVERS)
+ {
+ result = -EAGAIN;
+ }
+ else if (msg == NULL)
+ {
+ result = -EINVAL;
+ }
else
{
- if (dev->new_servers_num >= NUMBER_SERVERS)
- result = -EAGAIN;
- else
- {
- memcpy(&dev->new_servers[dev->new_servers_num].host, &msg->host, sizeof(msg->host));
- dev->new_servers[dev->new_servers_num].failures = (cmd == IOCTL_ADD_SRV ? 0 : 1); // 0 = ADD, 1 = REM
- ++dev->new_servers_num;
- result = 0;
- }
+ memcpy(&dev->new_servers[dev->new_servers_num].host, &msg->host, sizeof(msg->host));
+ dev->new_servers[dev->new_servers_num].failures = (cmd == IOCTL_ADD_SRV ? 0 : 1); // 0 = ADD, 1 = REM
+ ++dev->new_servers_num;
+ result = 0;
}
break;
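Review bot: The queue-full test runs before the argument test, so a call with no payload gets `-EAGAIN` once `new_servers_num` has reached `NUMBER_SERVERS`, telling the caller to retry a request that can never succeed; placing `else if (msg == NULL)` ahead of `else if (dev->new_servers_num >= NUMBER_SERVERS)` validates the input first. Separately, the bound check, the `memcpy` into `new_servers[dev->new_servers_num]` and the increment are not under any lock visible in this hunk, and the `irqflags` declaration at the top of the function is commented out. If two ioctls, or the consumer of this array, can run concurrently, the index could pass the check and still be written past the end of the array, so it is worth confirming what serializes access. The branch begins outside the hunk.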