mirror of
https://github.com/torvalds/linux.git
synced 2024-11-23 20:51:44 +00:00
5f740d7e15
Determining ->last_piece based on the value of ->page_offset + length is incorrect because length here is the length of the entire message. ->last_piece set to false even if page array data item length is <= PAGE_SIZE, which results in invalid length passed to ceph_tcp_{send,recv}page() and causes various asserts to fire. # cat pages-cursor-init.sh #!/bin/bash rbd create --size 10 --image-format 2 foo FOO_DEV=$(rbd map foo) dd if=/dev/urandom of=$FOO_DEV bs=1M &>/dev/null rbd snap create foo@snap rbd snap protect foo@snap rbd clone foo@snap bar # rbd_resize calls librbd rbd_resize(), size is in bytes ./rbd_resize bar $(((4 << 20) + 512)) rbd resize --size 10 bar BAR_DEV=$(rbd map bar) # trigger a 512-byte copyup -- 512-byte page array data item dd if=/dev/urandom of=$BAR_DEV bs=1M count=1 seek=5 The problem exists only in ceph_msg_data_pages_cursor_init(), ceph_msg_data_pages_advance() does the right thing. The size_t cast is unnecessary. Cc: stable@vger.kernel.org # 3.10+ Signed-off-by: Ilya Dryomov <ilya.dryomov@inktank.com> Reviewed-by: Sage Weil <sage@redhat.com> Reviewed-by: Alex Elder <elder@linaro.org> |
||
---|---|---|
.. | ||
crush | ||
armor.c | ||
auth_none.c | ||
auth_none.h | ||
auth_x_protocol.h | ||
auth_x.c | ||
auth_x.h | ||
auth.c | ||
buffer.c | ||
ceph_common.c | ||
ceph_fs.c | ||
ceph_hash.c | ||
ceph_strings.c | ||
crypto.c | ||
crypto.h | ||
debugfs.c | ||
Kconfig | ||
Makefile | ||
messenger.c | ||
mon_client.c | ||
msgpool.c | ||
osd_client.c | ||
osdmap.c | ||
pagelist.c | ||
pagevec.c | ||
snapshot.c |