From 7a4e6ced110c6005ead1f68072fea6c617f392db Mon Sep 17 00:00:00 2001 From: waterwin Date: Thu, 18 May 2023 09:51:16 +0000 Subject: [PATCH] hmdfs command and mount param check Signed-off-by: waterwin --- fs/hmdfs/comm/device_node.c | 5 +++++ fs/hmdfs/comm/transport.c | 10 ++++++++-- fs/hmdfs/file_merge.c | 8 ++++++-- fs/hmdfs/main.c | 3 +++ 4 files changed, 22 insertions(+), 4 deletions(-) diff --git a/fs/hmdfs/comm/device_node.c b/fs/hmdfs/comm/device_node.c index 0f2585de61fe..d702e5027548 100644 --- a/fs/hmdfs/comm/device_node.c +++ b/fs/hmdfs/comm/device_node.c @@ -47,6 +47,11 @@ static void ctrl_cmd_update_socket_handler(const char *buf, size_t len, goto out; } memcpy(&cmd, buf, sizeof(cmd)); + if (cmd.status != CONNECT_STAT_WAIT_REQUEST && + cmd.status != CONNECT_STAT_WAIT_RESPONSE) { + hmdfs_err("invalid status"); + goto out; + } node = hmdfs_get_peer(sbi, cmd.cid, cmd.devsl); if (unlikely(!node)) { diff --git a/fs/hmdfs/comm/transport.c b/fs/hmdfs/comm/transport.c index c9eaaa7dca37..e6c6768f0ab7 100644 --- a/fs/hmdfs/comm/transport.c +++ b/fs/hmdfs/comm/transport.c @@ -904,8 +904,14 @@ static int tcp_update_socket(struct tcp_handle *tcp, int fd, goto put_sock; } - hmdfs_info("socket fd %d, state %d, refcount %ld", - fd, socket->state, file_count(socket->file)); + hmdfs_info("socket fd %d, state %d, refcount %ld protocol %d", + fd, socket->state, file_count(socket->file), + socket->sk->sk_protocol); + + if (socket->sk->sk_protocol != IPPROTO_TCP) { + hmdfs_err("invalid socket protocol"); + return -EINVAL; + } tcp->recv_cache = kmem_cache_create("hmdfs_socket", tcp->recvbuf_maxsize, diff --git a/fs/hmdfs/file_merge.c b/fs/hmdfs/file_merge.c index 0b45586b39ca..8048a203a8e6 100644 --- a/fs/hmdfs/file_merge.c +++ b/fs/hmdfs/file_merge.c @@ -470,7 +470,9 @@ long hmdfs_dir_unlocked_ioctl_merge(struct file *file, unsigned int cmd, comrade_list) { if (fi_iter->device_id == 0) { lower_file = fi_iter->lower_file; - error = lower_file->f_op->unlocked_ioctl(lower_file, cmd, arg); + if (lower_file->f_op->unlocked_ioctl) + error = lower_file->f_op->unlocked_ioctl( + lower_file, cmd, arg); break; } } @@ -492,7 +494,9 @@ long hmdfs_dir_compat_ioctl_merge(struct file *file, unsigned int cmd, comrade_list) { if (fi_iter->device_id == 0) { lower_file = fi_iter->lower_file; - error = lower_file->f_op->compat_ioctl(lower_file, cmd, arg); + if (lower_file->f_op->compat_ioctl) + error = lower_file->f_op->compat_ioctl( + lower_file, cmd, arg); break; } } diff --git a/fs/hmdfs/main.c b/fs/hmdfs/main.c index 1316cb1996e1..b3bd82284255 100644 --- a/fs/hmdfs/main.c +++ b/fs/hmdfs/main.c @@ -842,6 +842,9 @@ static int hmdfs_fill_super(struct super_block *sb, void *data, int silent) char ctrl_path[CTRL_PATH_MAX_LEN]; uint64_t ctrl_hash; + if (!raw_data) + return -EINVAL; + sbi = kzalloc(sizeof(*sbi), GFP_KERNEL); if (!sbi) { err = -ENOMEM; -- Gitee