summaryrefslogtreecommitdiffstats
path: root/fs/ceph/caps.c
diff options
context:
space:
mode:
authorIlya Dryomov <idryomov@gmail.com>2018-10-17 14:23:04 +0200
committerIlya Dryomov <idryomov@gmail.com>2018-10-22 10:28:23 +0200
commit98c4bfe9d89b22d7bfddf6469241658920b6fafe (patch)
treeae744f24466851329323f80dc69164d1602c82bf /fs/ceph/caps.c
parentlibceph: preallocate message data items (diff)
downloadlinux-98c4bfe9d89b22d7bfddf6469241658920b6fafe.tar.xz
linux-98c4bfe9d89b22d7bfddf6469241658920b6fafe.zip
libceph: check reply num_data_items in setup_request_data()
setup_request_data() adds message data items to both request and reply messages, but only checks request num_data_items before proceeding with the loop. This is wrong because if an op doesn't have any request data items but has a reply data item (e.g. read), a duplicate data item gets added to the message on every resend attempt. This went unnoticed for years but now that message data items are preallocated, it promptly crashes in ceph_msg_data_add(). Amend the signature to make it clear that setup_request_data() operates on both request and reply messages. Also, remove data_len assert -- we have another one in prepare_write_message(). Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Diffstat (limited to 'fs/ceph/caps.c')
0 files changed, 0 insertions, 0 deletions