From: Sage Weil Date: Mon, 27 Sep 2010 17:18:52 +0000 (-0700) Subject: ceph: avoid null deref in osd request error path X-Git-Tag: upstream/snapshot3+hdmi~12810^2~4 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=6bc18876ba01fd4a077db6e1ed27201e4bda8864;p=platform%2Fadaptation%2Frenesas_rcar%2Frenesas_kernel.git ceph: avoid null deref in osd request error path If we interrupt an osd request, we call __cancel_request, but it wasn't verifying that req->r_osd was non-NULL before dereferencing it. This could cause a crash if osds were flapping and we aborted a request on said osd. Reported-by: Henry C Chang Signed-off-by: Sage Weil --- diff --git a/fs/ceph/osd_client.c b/fs/ceph/osd_client.c index dfced1d..3b5571b 100644 --- a/fs/ceph/osd_client.c +++ b/fs/ceph/osd_client.c @@ -549,7 +549,7 @@ static void __unregister_request(struct ceph_osd_client *osdc, */ static void __cancel_request(struct ceph_osd_request *req) { - if (req->r_sent) { + if (req->r_sent && req->r_osd) { ceph_con_revoke(&req->r_osd->o_con, req->r_request); req->r_sent = 0; }