review.tizen.org Git - platform/adaptation/renesas_rcar/renesas

author	Chunwei Chen <tuxoko@gmail.com>
	Wed, 23 Apr 2014 04:35:09 +0000 (12:35 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 7 Jun 2014 17:28:28 +0000 (10:28 -0700)
commit	bcd5faf938fb061c4c02874a906b68c5642822f3
tree	ecc897bbb1ea0e6b1b674261be3c8832c16e6049	tree \| snapshot
parent	a03443f50794844b449d296d45557315208bec1e	commit \| diff

libceph: fix corruption when using page_count 0 page in rbd

commit 178eda29ca721842f2146378e73d43e0044c4166 upstream.

It has been reported that using ZFSonLinux on rbd will result in memory
corruption. The bug report can be found here:

https://github.com/zfsonlinux/spl/issues/241
http://tracker.ceph.com/issues/7790

The reason is that ZFS will send pages with page_count 0 into rbd, which in
turns send them to tcp_sendpage. However, tcp_sendpage cannot deal with
page_count 0, as it will do get_page and put_page, and erroneously free the
page.

This type of issue has been noted before, and handled in iscsi, drbd,
etc. So, rbd should also handle this. This fix address this issue by fall back
to slower sendmsg when page_count 0 detected.

Cc: Sage Weil <sage@inktank.com>
Cc: Yehuda Sadeh <yehuda@inktank.com>
Signed-off-by: Chunwei Chen <tuxoko@gmail.com>
Reviewed-by: Ilya Dryomov <ilya.dryomov@inktank.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>