lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

libceph: fix null dereference when unregistering linger requests

Browse Source 
We should only clear r_osd if we are neither registered as a linger or a
regular request.  We may unregister as a linger while still registered as
a regular request (e.g., in reset_osd).  Incorrectly clearing r_osd there
leads to a null pointer dereference in __send_request.

Also simplify the parallel check in __unregister_request() where we just
removed r_osd_item and know it's empty.

Signed-off-by: Sage Weil <sage@newdream.net>
This commit is contained in:
Sage Weil
2011-03-29 12:11:06 -07:00
parent 234af26ff1
commit fbdb919048
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
net/ceph/osd_client.c
View File

@@ -837,8 +837,7 @@ static void __unregister_request(struct ceph_osd_client *osdc,
dout("moving osd to %p lru\n", req->r_osd); dout("moving osd to %p lru\n", req->r_osd);
__move_osd_to_lru(osdc, req->r_osd); __move_osd_to_lru(osdc, req->r_osd);
} }
if (list_empty(&req->r_osd_item) && if (list_empty(&req->r_linger_item))
list_empty(&req->r_linger_item))
req->r_osd = NULL; req->r_osd = NULL;
} }
@@ -883,6 +882,7 @@ static void __unregister_linger_request(struct ceph_osd_client *osdc,
dout("moving osd to %p lru\n", req->r_osd); dout("moving osd to %p lru\n", req->r_osd);
__move_osd_to_lru(osdc, req->r_osd); __move_osd_to_lru(osdc, req->r_osd);
} }
if (list_empty(&req->r_osd_item))
req->r_osd = NULL; req->r_osd = NULL;
} }
} }