review.tizen.org Git - kernel/kernel-generic.git/commit

author	Ilya Dryomov <ilya.dryomov@inktank.com>
	Thu, 9 Jan 2014 18:08:21 +0000 (20:08 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Mon, 31 Mar 2014 17:05:16 +0000 (10:05 -0700)
commit	82fd05a1b898fca663b2c01a330e7554a91808dd
tree	a9f0b1d865afc588860e06af351845d95d0414f3	tree \| snapshot
parent	6edcff8e34e0077074d3de1907116e4cb21ba186	commit \| diff

libceph: fix preallocation check in get_reply()

commit f2be82b0058e90b5d9ac2cb896b4914276fb50ef upstream.

The check that makes sure that we have enough memory allocated to read
in the entire header of the message in question is currently busted.
It compares front_len of the incoming message with iov_len field of
ceph_msg::front structure, which is used primarily to indicate the
amount of data already read in, and not the size of the allocated
buffer. Under certain conditions (e.g. a short read from a socket
followed by that socket's shutdown and owning ceph_connection reset)
this results in a warning similar to

[85688.975866] libceph: get_reply front 198 > preallocated 122 (4#0)

and, through another bug, leads to forever hung tasks and forced
reboots. Fix this by comparing front_len with front_alloc_len field of
struct ceph_msg, which stores the actual size of the buffer.

Fixes: http://tracker.ceph.com/issues/5425

Signed-off-by: Ilya Dryomov <ilya.dryomov@inktank.com>
Reviewed-by: Sage Weil <sage@inktank.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

net/ceph/messenger.c		diff \| blob \| history
net/ceph/osd_client.c		diff \| blob \| history