Patchwork [3.5.yuz,extended,stable] Patch "libceph: avoid NULL kref_put when osd reset races with" has been added to staging queue

Submitter Herton Ronaldo Krzesinski
Date Nov. 20, 2012, 5:19 p.m.
Permalink /patch/200482/
State New


Herton Ronaldo Krzesinski - Nov. 20, 2012, 5:19 p.m.
This is a note to let you know that I have just added a patch titled

    libceph: avoid NULL kref_put when osd reset races with

to the linux-3.5.y-queue branch of the 3.5.yuz extended stable tree 
which can be found at:;a=shortlog;h=refs/heads/linux-3.5.y-queue

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.5.yuz tree, see



From c62b5860135c577cc9d950b2421506c236908c73 Mon Sep 17 00:00:00 2001
From: Sage Weil <>
Date: Wed, 24 Oct 2012 16:12:58 -0700
Subject: [PATCH 74/78] libceph: avoid NULL kref_put when osd reset races with

commit 9bd952615a42d7e2ce3fa2c632e808e804637a1a upstream.

The ceph_con_in_msg_alloc() method drops con->mutex while it allocates a
message.  If that races with a timeout that resends a zillion messages and
resets the connection, and the ->alloc_msg() method returns a NULL message,
it will call ceph_msg_put(NULL) and BUG.

Fix by only calling put if msg is non-NULL.


Signed-off-by: Sage Weil <>
Signed-off-by: Herton Ronaldo Krzesinski <>
 net/ceph/messenger.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)



diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
index 0de041f..692243a 100644
--- a/net/ceph/messenger.c
+++ b/net/ceph/messenger.c
@@ -2746,7 +2746,8 @@  static int ceph_con_in_msg_alloc(struct ceph_connection *con, int *skip)
 		msg = con->ops->alloc_msg(con, hdr, skip);
 		if (con->state != CON_STATE_OPEN) {
-			ceph_msg_put(msg);
+			if (msg)
+				ceph_msg_put(msg);
 			return -EAGAIN;
 		con->in_msg = msg;
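
Review bot: The "if (msg)" guard in the con->state != CON_STATE_OPEN branch carries no comment saying why msg can be NULL at this point, and the reason is not obvious from the code alone. A one-line comment above the guard would help, noting that ->alloc_msg() may return NULL and that con->mutex was dropped while it ran, so the connection state can have changed before this check is reached. It is also worth considering whether ceph_msg_put() should tolerate a NULL argument itself, so that callers do not each need their own guard. The visible context ends at "con->in_msg = msg;", so how a NULL msg is handled when the connection is still open cannot be confirmed from this hunk.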