mirror of
https://github.com/torvalds/linux.git
synced 2024-11-28 23:21:31 +00:00
d15f9d694b
Only ->alloc_msg() should check data_len of the incoming message against the preallocated ceph_msg, doing it in the messenger is not right. The contract is that either ->alloc_msg() returns a ceph_msg which will fit all of the portions of the incoming message, or it returns NULL and possibly sets skip, signaling whether NULL is due to an -ENOMEM. ->alloc_msg() should be the only place where we make the skip/no-skip decision. I stumbled upon this while looking at con/osd ref counting. Right now, if we get a non-extent message with a larger data portion than we are prepared for, ->alloc_msg() returns a ceph_msg, and then, when we skip it in the messenger, we don't put the con/osd ref acquired in ceph_con_in_msg_alloc() (which is normally put in process_message()), so this also fixes a memory leak. An existing BUG_ON in ceph_msg_data_cursor_init() ensures we don't corrupt random memory should a buggy ->alloc_msg() return an unfit ceph_msg. While at it, I changed the "unknown tid" dout() to a pr_warn() to make sure all skips are seen and unified format strings. Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Reviewed-by: Alex Elder <elder@linaro.org> |
||
---|---|---|
.. | ||
crush | ||
armor.c | ||
auth_none.c | ||
auth_none.h | ||
auth_x_protocol.h | ||
auth_x.c | ||
auth_x.h | ||
auth.c | ||
buffer.c | ||
ceph_common.c | ||
ceph_fs.c | ||
ceph_hash.c | ||
ceph_strings.c | ||
crypto.c | ||
crypto.h | ||
debugfs.c | ||
Kconfig | ||
Makefile | ||
messenger.c | ||
mon_client.c | ||
msgpool.c | ||
osd_client.c | ||
osdmap.c | ||
pagelist.c | ||
pagevec.c | ||
snapshot.c |