From: Sage Weil Date: Mon, 27 Sep 2010 17:18:52 +0000 (-0700) Subject: ceph: avoid null deref in osd request error path X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=6bc18876ba01fd4a077db6e1ed27201e4bda8864;p=GitHub%2Fexynos8895%2Fandroid_kernel_samsung_universal8895.git ceph: avoid null deref in osd request error path If we interrupt an osd request, we call __cancel_request, but it wasn't verifying that req->r_osd was non-NULL before dereferencing it. This could cause a crash if osds were flapping and we aborted a request on said osd. Reported-by: Henry C Chang Signed-off-by: Sage Weil --- diff --git a/fs/ceph/osd_client.c b/fs/ceph/osd_client.c index dfced1dacbcd..3b5571b8ce22 100644 --- a/fs/ceph/osd_client.c +++ b/fs/ceph/osd_client.c @@ -549,7 +549,7 @@ static void __unregister_request(struct ceph_osd_client *osdc, */ static void __cancel_request(struct ceph_osd_request *req) { - if (req->r_sent) { + if (req->r_sent && req->r_osd) { ceph_con_revoke(&req->r_osd->o_con, req->r_request); req->r_sent = 0; }