From 07bd10fb9853a41a7f0bb271721cca97d15eccae Mon Sep 17 00:00:00 2001
From: Sage Weil <sage@newdream.net>
Date: Wed, 14 Oct 2009 17:26:40 -0700
Subject: [PATCH] ceph: correct subscribe_ack msgpool payload size

Defined a struct for the SUBSCRIBE_ACK, and use that to size
the msgpool.

Signed-off-by: Sage Weil <sage@newdream.net>
---
 fs/ceph/ceph_fs.h    |  5 +++++
 fs/ceph/mon_client.c | 11 +++++++----
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/fs/ceph/ceph_fs.h b/fs/ceph/ceph_fs.h
index 56af192cb430..9b16e2e06ea6 100644
--- a/fs/ceph/ceph_fs.h
+++ b/fs/ceph/ceph_fs.h
@@ -162,6 +162,11 @@ struct ceph_mon_subscribe_item {
 	__u8 onetime;
 } __attribute__ ((packed));
 
+struct ceph_mon_subscribe_ack {
+	__le32 duration;         /* seconds */
+	struct ceph_fsid fsid;
+} __attribute__ ((packed));
+
 /*
  * mds states
  *   > 0 -> in
diff --git a/fs/ceph/mon_client.c b/fs/ceph/mon_client.c
index bea2be9077e4..d52e52968d01 100644
--- a/fs/ceph/mon_client.c
+++ b/fs/ceph/mon_client.c
@@ -199,10 +199,12 @@ static void handle_subscribe_ack(struct ceph_mon_client *monc,
 				 struct ceph_msg *msg)
 {
 	unsigned seconds;
-	void *p = msg->front.iov_base;
-	void *end = p + msg->front.iov_len;
+	struct ceph_mon_subscribe_ack *h = msg->front.iov_base;
+
+	if (msg->front.iov_len < sizeof(*h))
+		goto bad;
+	seconds = le32_to_cpu(h->duration);
 
-	ceph_decode_32_safe(&p, end, seconds, bad);
 	mutex_lock(&monc->mutex);
 	if (monc->hunting) {
 		pr_info("mon%d %s session established\n",
@@ -541,7 +543,8 @@ int ceph_monc_init(struct ceph_mon_client *monc, struct ceph_client *cl)
 	err = ceph_msgpool_init(&monc->msgpool_mount_ack, 4096, 1, false);
 	if (err < 0)
 		goto out;
-	err = ceph_msgpool_init(&monc->msgpool_subscribe_ack, 8, 1, false);
+	err = ceph_msgpool_init(&monc->msgpool_subscribe_ack,
+			       sizeof(struct ceph_mon_subscribe_ack), 1, false);
 	if (err < 0)
 		goto out;
 	err = ceph_msgpool_init(&monc->msgpool_statfs_reply,
-- 
2.20.1