summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSage Weil <sage@newdream.net>2009-12-11 18:48:05 +0100
committerSage Weil <sage@newdream.net>2009-12-22 01:39:53 +0100
commitcf3e5c409b5d66ec66207092a3f7e3e2c42c0f3f (patch)
tree132e0095756777f4716f59e6c05ac85b80e830fd
parentceph: hex dump corrupt server data to KERN_DEBUG (diff)
downloadlinux-cf3e5c409b5d66ec66207092a3f7e3e2c42c0f3f.tar.xz
linux-cf3e5c409b5d66ec66207092a3f7e3e2c42c0f3f.zip
ceph: plug leak of incoming message during connection fault/close
If we explicitly close a connection, or there is a socket error, we need to drop any partially received message. Signed-off-by: Sage Weil <sage@newdream.net>
-rw-r--r--fs/ceph/messenger.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/fs/ceph/messenger.c b/fs/ceph/messenger.c
index b10f88c56706..b12604ef1846 100644
--- a/fs/ceph/messenger.c
+++ b/fs/ceph/messenger.c
@@ -320,6 +320,11 @@ static void reset_connection(struct ceph_connection *con)
ceph_msg_remove_list(&con->out_queue);
ceph_msg_remove_list(&con->out_sent);
+ if (con->in_msg) {
+ ceph_msg_put(con->in_msg);
+ con->in_msg = NULL;
+ }
+
con->connect_seq = 0;
con->out_seq = 0;
if (con->out_msg) {
@@ -1288,7 +1293,7 @@ static int read_partial_message(struct ceph_connection *con)
con->in_msg = con->ops->alloc_msg(con, &con->in_hdr);
if (!con->in_msg) {
/* skip this message */
- dout("alloc_msg returned NULL, skipping message\n");
+ pr_err("alloc_msg returned NULL, skipping message\n");
con->in_base_pos = -front_len - middle_len - data_len -
sizeof(m->footer);
con->in_tag = CEPH_MSGR_TAG_READY;
@@ -1327,7 +1332,7 @@ static int read_partial_message(struct ceph_connection *con)
if (con->ops->alloc_middle)
ret = con->ops->alloc_middle(con, m);
if (ret < 0) {
- dout("alloc_middle failed, skipping payload\n");
+ pr_err("alloc_middle fail skipping payload\n");
con->in_base_pos = -middle_len - data_len
- sizeof(m->footer);
ceph_msg_put(con->in_msg);
@@ -1498,6 +1503,7 @@ more:
set_bit(CONNECTING, &con->state);
clear_bit(NEGOTIATING, &con->state);
+ BUG_ON(con->in_msg);
con->in_tag = CEPH_MSGR_TAG_READY;
dout("try_write initiating connect on %p new state %lu\n",
con, con->state);