diff options
author | Xavi Hernandez <xhernandez@redhat.com> | 2019-12-20 14:14:32 +0100 |
---|---|---|
committer | Rinku Kothiya <rkothiya@redhat.com> | 2020-03-16 08:21:00 +0000 |
commit | dfaaace24d26d8e39f7783e99ac7440eafeced74 (patch) | |
tree | b7718bf5f276dbe46f400105930288d8b1ef20bf | |
parent | 87f1163e83339b2c2923106e0d9a45e8a327bb7a (diff) |
multiple: fix bad type cast
When using inode_ctx_get() or inode_ctx_set(), a 'uint64_t *' is expected.
In many cases, the value to retrieve or store is a pointer, which will be
of smaller size in some architectures (for example 32-bits). In this case,
directly passing the address of the pointer casted to an 'uint64_t *' is
wrong and can cause memory corruption.
Backport of:
> Change-Id: Iae616da9dda528df6743fa2f65ae5cff5ad23258
> Signed-off-by: Xavi Hernandez <xhernandez@redhat.com>
> Fixes: bz#1785611
Change-Id: Iae616da9dda528df6743fa2f65ae5cff5ad23258
Signed-off-by: Xavi Hernandez <xhernandez@redhat.com>
Fixes: bz#1785323
-rw-r--r-- | xlators/features/shard/src/shard.c | 3 | ||||
-rw-r--r-- | xlators/performance/io-cache/src/io-cache.c | 8 | ||||
-rw-r--r-- | xlators/performance/nl-cache/src/nl-cache-helper.c | 11 | ||||
-rw-r--r-- | xlators/performance/readdir-ahead/src/readdir-ahead.c | 3 | ||||
-rw-r--r-- | xlators/storage/posix/src/posix-helpers.c | 3 | ||||
-rw-r--r-- | xlators/storage/posix/src/posix-metadata.c | 35 |
6 files changed, 42 insertions, 21 deletions
diff --git a/xlators/features/shard/src/shard.c b/xlators/features/shard/src/shard.c index 0e96a45768a..c59e244429a 100644 --- a/xlators/features/shard/src/shard.c +++ b/xlators/features/shard/src/shard.c @@ -80,7 +80,8 @@ __shard_inode_ctx_get(inode_t *inode, xlator_t *this, shard_inode_ctx_t **ctx) INIT_LIST_HEAD(&ctx_p->ilist); INIT_LIST_HEAD(&ctx_p->to_fsync_list); - ret = __inode_ctx_set(inode, this, (uint64_t *)&ctx_p); + ctx_uint = (uint64_t)(uintptr_t)ctx_p; + ret = __inode_ctx_set(inode, this, &ctx_uint); if (ret < 0) { GF_FREE(ctx_p); return ret; diff --git a/xlators/performance/io-cache/src/io-cache.c b/xlators/performance/io-cache/src/io-cache.c index 711afdf700d..82422f7cfc7 100644 --- a/xlators/performance/io-cache/src/io-cache.c +++ b/xlators/performance/io-cache/src/io-cache.c @@ -383,14 +383,12 @@ ioc_forget(xlator_t *this, inode_t *inode) static int32_t ioc_invalidate(xlator_t *this, inode_t *inode) { - uint64_t ioc_addr = 0; - ioc_inode_t *ioc_inode = NULL; + uint64_t ioc_inode = 0; - inode_ctx_get(inode, this, (uint64_t *)&ioc_addr); - ioc_inode = (void *)(uintptr_t)ioc_addr; + inode_ctx_get(inode, this, &ioc_inode); if (ioc_inode) - ioc_inode_flush(ioc_inode); + ioc_inode_flush((ioc_inode_t *)(uintptr_t)ioc_inode); return 0; } diff --git a/xlators/performance/nl-cache/src/nl-cache-helper.c b/xlators/performance/nl-cache/src/nl-cache-helper.c index 009f33ae38d..9dac3abbe43 100644 --- a/xlators/performance/nl-cache/src/nl-cache-helper.c +++ b/xlators/performance/nl-cache/src/nl-cache-helper.c @@ -170,16 +170,19 @@ static int nlc_inode_ctx_set(xlator_t *this, inode_t *inode, nlc_ctx_t *nlc_ctx, nlc_pe_t *nlc_pe_p) { + uint64_t ctx1, ctx2; int ret = -1; + ctx1 = (uint64_t)(uintptr_t)nlc_ctx; + ctx2 = (uint64_t)(uintptr_t)nlc_pe_p; + /* The caller may choose to set one of the ctxs, hence check * if the ctx1/2 is non zero and then send the address. If we * blindly send the address of both the ctxs, it may reset the * ctx the caller had sent NULL(intended as leave untouched) for.*/ LOCK(&inode->lock); { - ret = __inode_ctx_set2(inode, this, nlc_ctx ? (uint64_t *)&nlc_ctx : 0, - nlc_pe_p ? (uint64_t *)&nlc_pe_p : 0); + ret = __inode_ctx_set2(inode, this, ctx1 ? &ctx1 : 0, ctx2 ? &ctx2 : 0); } UNLOCK(&inode->lock); return ret; @@ -293,6 +296,7 @@ static nlc_ctx_t * nlc_inode_ctx_get_set(xlator_t *this, inode_t *inode, nlc_ctx_t **nlc_ctx_p, nlc_pe_t **nlc_pe_p) { + uint64_t ctx; int ret = 0; nlc_ctx_t *nlc_ctx = NULL; nlc_conf_t *conf = NULL; @@ -323,7 +327,8 @@ nlc_inode_ctx_get_set(xlator_t *this, inode_t *inode, nlc_ctx_t **nlc_ctx_p, goto unlock; } - ret = __inode_ctx_set2(inode, this, (uint64_t *)&nlc_ctx, NULL); + ctx = (uint64_t)(uintptr_t)nlc_ctx; + ret = __inode_ctx_set2(inode, this, &ctx, NULL); if (ret) { gf_msg(this->name, GF_LOG_ERROR, ENOMEM, NLC_MSG_NO_MEMORY, "inode ctx set failed"); diff --git a/xlators/performance/readdir-ahead/src/readdir-ahead.c b/xlators/performance/readdir-ahead/src/readdir-ahead.c index 933941d8a92..4ba7ee7077a 100644 --- a/xlators/performance/readdir-ahead/src/readdir-ahead.c +++ b/xlators/performance/readdir-ahead/src/readdir-ahead.c @@ -98,7 +98,8 @@ __rda_inode_ctx_get(inode_t *inode, xlator_t *this) GF_ATOMIC_INIT(ctx_p->generation, 0); - ret = __inode_ctx_set1(inode, this, (uint64_t *)&ctx_p); + ctx_uint = (uint64_t)(uintptr_t)ctx_p; + ret = __inode_ctx_set1(inode, this, &ctx_uint); if (ret < 0) { GF_FREE(ctx_p); return NULL; diff --git a/xlators/storage/posix/src/posix-helpers.c b/xlators/storage/posix/src/posix-helpers.c index d2beeed1f4a..0ee412875ef 100644 --- a/xlators/storage/posix/src/posix-helpers.c +++ b/xlators/storage/posix/src/posix-helpers.c @@ -2828,7 +2828,8 @@ __posix_inode_ctx_get(inode_t *inode, xlator_t *this) pthread_mutex_init(&ctx_p->write_atomic_lock, NULL); pthread_mutex_init(&ctx_p->pgfid_lock, NULL); - ret = __inode_ctx_set(inode, this, (uint64_t *)&ctx_p); + ctx_uint = (uint64_t)(uintptr_t)ctx_p; + ret = __inode_ctx_set(inode, this, &ctx_uint); if (ret < 0) { pthread_mutex_destroy(&ctx_p->xattrop_lock); pthread_mutex_destroy(&ctx_p->write_atomic_lock); diff --git a/xlators/storage/posix/src/posix-metadata.c b/xlators/storage/posix/src/posix-metadata.c index 9efaf999402..0b6f04f337f 100644 --- a/xlators/storage/posix/src/posix-metadata.c +++ b/xlators/storage/posix/src/posix-metadata.c @@ -243,6 +243,7 @@ int __posix_get_mdata_xattr(xlator_t *this, const char *real_path, int _fd, inode_t *inode, struct iatt *stbuf) { + uint64_t ctx; posix_mdata_t *mdata = NULL; int ret = -1; int op_errno = 0; @@ -250,7 +251,10 @@ __posix_get_mdata_xattr(xlator_t *this, const char *real_path, int _fd, /* Handle readdirp: inode might be null, time attributes should be served * from xattr not from backend's file attributes */ if (inode) { - ret = __inode_ctx_get1(inode, this, (uint64_t *)&mdata); + ret = __inode_ctx_get1(inode, this, &ctx); + if (ret == 0) { + mdata = (posix_mdata_t *)(uintptr_t)ctx; + } } else { ret = -1; } @@ -275,7 +279,8 @@ __posix_get_mdata_xattr(xlator_t *this, const char *real_path, int _fd, * down scenario */ if (inode) { - __inode_ctx_set1(inode, this, (uint64_t *)&mdata); + ctx = (uint64_t)(uintptr_t)mdata; + __inode_ctx_set1(inode, this, &ctx); } } else { /* Failed to get mdata from disk, xattr missing. @@ -357,6 +362,7 @@ posix_set_mdata_xattr_legacy_files(xlator_t *this, inode_t *inode, const char *realpath, struct mdata_iatt *mdata_iatt, int *op_errno) { + uint64_t ctx; posix_mdata_t *mdata = NULL; posix_mdata_t imdata = { 0, @@ -369,10 +375,11 @@ posix_set_mdata_xattr_legacy_files(xlator_t *this, inode_t *inode, LOCK(&inode->lock); { - ret = __inode_ctx_get1(inode, this, (uint64_t *)&mdata); - if (ret == 0 && mdata) { + ret = __inode_ctx_get1(inode, this, &ctx); + if (ret == 0 && ctx) { + mdata = (posix_mdata_t *)(uintptr_t)ctx; mdata_already_set = _gf_true; - } else if (ret == -1 || !mdata) { + } else { mdata = GF_CALLOC(1, sizeof(posix_mdata_t), gf_posix_mt_mdata_attr); if (!mdata) { gf_msg(this->name, GF_LOG_ERROR, ENOMEM, P_MSG_NOMEM, @@ -389,7 +396,8 @@ posix_set_mdata_xattr_legacy_files(xlator_t *this, inode_t *inode, /* Got mdata from disk. This is a race, another client * has healed the xattr during lookup. So set it in inode * ctx */ - __inode_ctx_set1(inode, this, (uint64_t *)&mdata); + ctx = (uint64_t)(uintptr_t)mdata; + __inode_ctx_set1(inode, this, &ctx); mdata_already_set = _gf_true; } else { *op_errno = 0; @@ -402,7 +410,8 @@ posix_set_mdata_xattr_legacy_files(xlator_t *this, inode_t *inode, mdata->mtime.tv_sec = mdata_iatt->ia_mtime; mdata->mtime.tv_nsec = mdata_iatt->ia_mtime_nsec; - __inode_ctx_set1(inode, this, (uint64_t *)&mdata); + ctx = (uint64_t)(uintptr_t)mdata; + __inode_ctx_set1(inode, this, &ctx); } } @@ -451,6 +460,7 @@ posix_set_mdata_xattr(xlator_t *this, const char *real_path, int fd, struct iatt *stbuf, posix_mdata_flag_t *flag, gf_boolean_t update_utime) { + uint64_t ctx; posix_mdata_t *mdata = NULL; int ret = -1; int op_errno = 0; @@ -466,7 +476,10 @@ posix_set_mdata_xattr(xlator_t *this, const char *real_path, int fd, LOCK(&inode->lock); { - ret = __inode_ctx_get1(inode, this, (uint64_t *)&mdata); + ret = __inode_ctx_get1(inode, this, &ctx); + if (ret == 0) { + mdata = (posix_mdata_t *)(uintptr_t)ctx; + } if (ret == -1 || !mdata) { /* * Do we need to fetch the data from xattr @@ -489,7 +502,8 @@ posix_set_mdata_xattr(xlator_t *this, const char *real_path, int fd, * is hit when in-memory status is lost due to brick * down scenario */ - __inode_ctx_set1(inode, this, (uint64_t *)&mdata); + ctx = (uint64_t)(uintptr_t)mdata; + __inode_ctx_set1(inode, this, &ctx); } else { /* * This is the first time creating the time attr. This happens @@ -523,7 +537,8 @@ posix_set_mdata_xattr(xlator_t *this, const char *real_path, int fd, mdata->mtime.tv_sec = time->tv_sec; mdata->mtime.tv_nsec = time->tv_nsec; - __inode_ctx_set1(inode, this, (uint64_t *)&mdata); + ctx = (uint64_t)(uintptr_t)mdata; + __inode_ctx_set1(inode, this, &ctx); } } |