aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2012-10-29 11:49:25 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2012-10-29 11:49:25 -0400
commit35fd3dc58da675d659513384221349ef90749a01 (patch)
tree2ee64e48f39c0c14d454d57a8af022af9e977dd4
parent6b0cb4eef7bdaa27b8021ea81813fba330a2d94d (diff)
parent52eb5a900a9863a8b77a895f770e5d825c8e02c6 (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client
Pull Ceph fixes form Sage Weil: "There are two fixes in the messenger code, one that can trigger a NULL dereference, and one that error in refcounting (extra put). There is also a trivial fix that in the fs client code that is triggered by NFS reexport." * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client: ceph: fix dentry reference leak in encode_fh() libceph: avoid NULL kref_put when osd reset races with alloc_msg rbd: reset BACKOFF if unable to re-queue
-rw-r--r--fs/ceph/export.c2
-rw-r--r--net/ceph/messenger.c6
2 files changed, 6 insertions, 2 deletions
diff --git a/fs/ceph/export.c b/fs/ceph/export.c
index 02ce90972d8..9349bb37a2f 100644
--- a/fs/ceph/export.c
+++ b/fs/ceph/export.c
@@ -90,6 +90,8 @@ static int ceph_encode_fh(struct inode *inode, u32 *rawfh, int *max_len,
90 *max_len = handle_length; 90 *max_len = handle_length;
91 type = 255; 91 type = 255;
92 } 92 }
93 if (dentry)
94 dput(dentry);
93 return type; 95 return type;
94} 96}
95 97
diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
index 159aa8bef9e..3ef1759403b 100644
--- a/net/ceph/messenger.c
+++ b/net/ceph/messenger.c
@@ -2300,10 +2300,11 @@ restart:
2300 mutex_unlock(&con->mutex); 2300 mutex_unlock(&con->mutex);
2301 return; 2301 return;
2302 } else { 2302 } else {
2303 con->ops->put(con);
2304 dout("con_work %p FAILED to back off %lu\n", con, 2303 dout("con_work %p FAILED to back off %lu\n", con,
2305 con->delay); 2304 con->delay);
2305 set_bit(CON_FLAG_BACKOFF, &con->flags);
2306 } 2306 }
2307 goto done;
2307 } 2308 }
2308 2309
2309 if (con->state == CON_STATE_STANDBY) { 2310 if (con->state == CON_STATE_STANDBY) {
@@ -2749,7 +2750,8 @@ static int ceph_con_in_msg_alloc(struct ceph_connection *con, int *skip)
2749 msg = con->ops->alloc_msg(con, hdr, skip); 2750 msg = con->ops->alloc_msg(con, hdr, skip);
2750 mutex_lock(&con->mutex); 2751 mutex_lock(&con->mutex);
2751 if (con->state != CON_STATE_OPEN) { 2752 if (con->state != CON_STATE_OPEN) {
2752 ceph_msg_put(msg); 2753 if (msg)
2754 ceph_msg_put(msg);
2753 return -EAGAIN; 2755 return -EAGAIN;
2754 } 2756 }
2755 con->in_msg = msg; 2757 con->in_msg = msg;