aboutsummaryrefslogtreecommitdiffstats
path: root/net/ceph
diff options
context:
space:
mode:
authorSage Weil <sage@newdream.net>2011-03-29 15:11:06 -0400
committerSage Weil <sage@newdream.net>2011-03-29 15:11:06 -0400
commitfbdb9190482fd83a3eb20cdeb0da454759f479d7 (patch)
treebf83dcd6ea13c9a1feedb2a8f79744de93f9fecd /net/ceph
parent234af26ff123dfb2aa48772124721b1354c8e0a5 (diff)
libceph: fix null dereference when unregistering linger requests
We should only clear r_osd if we are neither registered as a linger or a regular request. We may unregister as a linger while still registered as a regular request (e.g., in reset_osd). Incorrectly clearing r_osd there leads to a null pointer dereference in __send_request. Also simplify the parallel check in __unregister_request() where we just removed r_osd_item and know it's empty. Signed-off-by: Sage Weil <sage@newdream.net>
Diffstat (limited to 'net/ceph')
-rw-r--r--net/ceph/osd_client.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/net/ceph/osd_client.c b/net/ceph/osd_client.c
index 03740e8fc9d1..3b91d651fe08 100644
--- a/net/ceph/osd_client.c
+++ b/net/ceph/osd_client.c
@@ -837,8 +837,7 @@ static void __unregister_request(struct ceph_osd_client *osdc,
837 dout("moving osd to %p lru\n", req->r_osd); 837 dout("moving osd to %p lru\n", req->r_osd);
838 __move_osd_to_lru(osdc, req->r_osd); 838 __move_osd_to_lru(osdc, req->r_osd);
839 } 839 }
840 if (list_empty(&req->r_osd_item) && 840 if (list_empty(&req->r_linger_item))
841 list_empty(&req->r_linger_item))
842 req->r_osd = NULL; 841 req->r_osd = NULL;
843 } 842 }
844 843
@@ -883,7 +882,8 @@ static void __unregister_linger_request(struct ceph_osd_client *osdc,
883 dout("moving osd to %p lru\n", req->r_osd); 882 dout("moving osd to %p lru\n", req->r_osd);
884 __move_osd_to_lru(osdc, req->r_osd); 883 __move_osd_to_lru(osdc, req->r_osd);
885 } 884 }
886 req->r_osd = NULL; 885 if (list_empty(&req->r_osd_item))
886 req->r_osd = NULL;
887 } 887 }
888} 888}
889 889