kernel / kernel-source

Clone
Source Code
GIT

Files

  1.   97f949b8b55cc23176301e4f8d57c4e6c4f40a83
  2.   patches.suse
  3.   0023-libceph-avoid-a-use-after-free-during-map-check.patch
Blob Blame History Raw 
From: Ilya Dryomov <idryomov@gmail.com>
Date: Tue, 22 May 2018 16:26:51 +0200
Subject: libceph: avoid a use-after-free during map check
Git-commit: 6001567c14eb8e93f8bceb35fc02158a3e1f20f8
Patch-mainline: v4.18-rc1
References: FATE#324714

Sending map check after complete_request() was called is not only
useless, but can lead to a use-after-free as req->r_kref decrement in
__complete_request() races with map check code.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Acked-by: Jeff Layton <jlayton@redhat.com>
Reviewed-by: "Yan, Zheng" <zyan@redhat.com>
Acked-by: Luis Henriques <lhenriques@suse.com>
---
 net/ceph/osd_client.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/ceph/osd_client.c
+++ b/net/ceph/osd_client.c
@@ -2200,7 +2200,7 @@ again:
 		complete_request(req, err);
 	mutex_unlock(&osd->lock);
 
-	if (ct_res == CALC_TARGET_POOL_DNE)
+	if (!err && ct_res == CALC_TARGET_POOL_DNE)
 		send_map_check(req);
 
 	if (promoted)
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.