DAOS-15276 object: refine sgl valid check (#14176)

Refine sgl check to avoid segfault for special sgl parameter. Add a test case for it.
daos-stack · May 13, 2024 · 4f2148a · 4f2148a
1 parent f1d1f69
commit 4f2148a
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 4 deletions.
diff --git a/src/client/dfs/xattr.c b/src/client/dfs/xattr.c
@@ -62,7 +62,10 @@ dfs_setxattr(dfs_t *dfs, dfs_obj_t *obj, const char *name, const void *value, da
 	iods[0].iod_recxs = NULL;
 	iods[0].iod_type  = DAOS_IOD_SINGLE;
 	iods[0].iod_size  = size;
-	d_iov_set(&sg_iovs[0], (void *)value, size);
+	if (value == NULL)
+		d_iov_set(&sg_iovs[0], NULL, 0);
+	else
+		d_iov_set(&sg_iovs[0], (void *)value, size);
 	sgls[0].sg_nr     = 1;
 	sgls[0].sg_nr_out = 0;
 	sgls[0].sg_iovs   = &sg_iovs[0];
@@ -168,7 +171,10 @@ dfs_getxattr(dfs_t *dfs, dfs_obj_t *obj, const char *name, void *value, daos_siz
 		iod.iod_size = *size;
 
 		/** set sgl for fetch */
-		d_iov_set(&sg_iov, value, *size);
+		if (value == NULL)
+			d_iov_set(&sg_iov, NULL, 0);
+		else
+			d_iov_set(&sg_iov, value, *size);
 		sgl.sg_nr     = 1;
 		sgl.sg_nr_out = 0;
 		sgl.sg_iovs   = &sg_iov;

diff --git a/src/object/cli_obj.c b/src/object/cli_obj.c
@@ -2216,6 +2216,22 @@ obj_iod_sgl_valid(daos_obj_id_t oid, unsigned int nr, daos_iod_t *iods,
 				return -DER_INVAL;
 			}
 		}
+		if (sgls != NULL && sgls[i].sg_nr > 0) {
+			d_sg_list_t	*sg = &sgls[i];
+			d_iov_t		*iov;
+
+			for (j = 0; j < sg->sg_nr; j++) {
+				iov = sg->sg_iovs + j;
+				if (iov == NULL || (iov->iov_buf_len > 0 && iov->iov_buf == NULL)) {
+					if (iov == NULL)
+						D_ERROR("Bad iov - j %d, NULL iov\n", j);
+					else
+						D_ERROR("Bad iov - j %d, NULL iov_buf, "
+							"bul_len %zu\n", j, iov->iov_buf_len);
+					return -DER_INVAL;
+				}
+			}
+		}
 
 		switch (iods[i].iod_type) {
 		default:

diff --git a/src/tests/suite/daos_obj.c b/src/tests/suite/daos_obj.c
@@ -2431,7 +2431,7 @@ fetch_size(void **state)
 	char		*akey[NUM_AKEYS];
 	const char	*akey_fmt = "akey%d";
 	int		 i, rc;
-	daos_size_t	 size = 131071;
+	daos_size_t	 size = 131071, tmp_sz;
 
 	/** open object */
 	oid = daos_test_oid_gen(arg->coh, dts_obj_class, 0, 0, arg->myrank);
@@ -2480,6 +2480,17 @@ fetch_size(void **state)
 	for (i = 0; i < NUM_AKEYS; i++)
 		assert_int_equal(iod[i].iod_size, size * (i+1));
 
+	print_message("fetch with invalid sgl - NULL sg_iovs with non-zero sg_nr\n");
+	sgl->sg_iovs = NULL;
+	tmp_sz = iod->iod_size;
+	iod->iod_size = 0;
+	rc = daos_obj_fetch(oh, DAOS_TX_NONE, 0, &dkey, NUM_AKEYS, iod, sgl,
+			    NULL, NULL);
+	assert_rc_equal(rc, -DER_INVAL);
+
+	iod->iod_size = tmp_sz;
+	for (i = 0; i < NUM_AKEYS; i++)
+		sgl[i].sg_iovs		= &sg_iov[i];
 	print_message("fetch with unknown iod_size and less buffer\n");
 	for (i = 0; i < NUM_AKEYS; i++) {
 		d_iov_set(&sg_iov[i], buf[i], size * (i+1) - 1);

diff --git a/src/tests/suite/dfs_unit_test.c b/src/tests/suite/dfs_unit_test.c
@@ -2449,10 +2449,10 @@ dfs_test_xattrs(void **state)
 		      0, 0, NULL, &obj);
 	assert_int_equal(rc, 0);
 
+	size = 0;
 	rc = dfs_getxattr(dfs_mt, obj, xname1, NULL, &size);
 	assert_int_equal(rc, ENODATA);
 
-	size = 0;
 	rc = dfs_setxattr(dfs_mt, obj, xname1, NULL, size, 0);
 	assert_int_equal(rc, 0);
 
@@ -2461,6 +2461,7 @@ dfs_test_xattrs(void **state)
 	assert_int_equal(rc, 0);
 	assert_int_equal(size, 0);
 
+	size = 0;
 	rc = dfs_getxattr(dfs_mt, obj, xname2, NULL, &size);
 	assert_int_equal(rc, ENODATA);