Patchwork [3.5.yuz,extended,stable] Patch "libceph: avoid NULL kref_put when osd reset races with" has been added to staging queue

login
register
mail settings
Submitter Herton Ronaldo Krzesinski
Date Nov. 20, 2012, 5:19 p.m.
Message ID <1353431984-11337-1-git-send-email-herton.krzesinski@canonical.com>
Download mbox | patch
Permalink /patch/200482/
State New
Headers show

Comments

Herton Ronaldo Krzesinski - Nov. 20, 2012, 5:19 p.m.
This is a note to let you know that I have just added a patch titled

    libceph: avoid NULL kref_put when osd reset races with

to the linux-3.5.y-queue branch of the 3.5.yuz extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.5.y-queue

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.5.yuz tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Herton

------

From c62b5860135c577cc9d950b2421506c236908c73 Mon Sep 17 00:00:00 2001
From: Sage Weil <sage@inktank.com>
Date: Wed, 24 Oct 2012 16:12:58 -0700
Subject: [PATCH 74/78] libceph: avoid NULL kref_put when osd reset races with
 alloc_msg

commit 9bd952615a42d7e2ce3fa2c632e808e804637a1a upstream.

The ceph_on_in_msg_alloc() method drops con->mutex while it allocates a
message.  If that races with a timeout that resends a zillion messages and
resets the connection, and the ->alloc_msg() method returns a NULL message,
it will call ceph_msg_put(NULL) and BUG.

Fix by only calling put if msg is non-NULL.

Fixes http://tracker.newdream.net/issues/3142

Signed-off-by: Sage Weil <sage@inktank.com>
Signed-off-by: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>
---
 net/ceph/messenger.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--
1.7.9.5

Patch

diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
index 0de041f..692243a 100644
--- a/net/ceph/messenger.c
+++ b/net/ceph/messenger.c
@@ -2746,7 +2746,8 @@  static int ceph_con_in_msg_alloc(struct ceph_connection *con, int *skip)
 		msg = con->ops->alloc_msg(con, hdr, skip);
 		mutex_lock(&con->mutex);
 		if (con->state != CON_STATE_OPEN) {
-			ceph_msg_put(msg);
+			if (msg)
+				ceph_msg_put(msg);
 			return -EAGAIN;
 		}
 		con->in_msg = msg;