From: Sage Weil <sage@newdream.net>
Date: Mon, 27 Sep 2010 17:18:52 +0000 (-0700)
Subject: ceph: avoid null deref in osd request error path
X-Git-Tag: firefly_0821_release~7613^2~3791^2~4
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=6bc18876ba01fd4a077db6e1ed27201e4bda8864;p=firefly-linux-kernel-4.4.55.git

ceph: avoid null deref in osd request error path

If we interrupt an osd request, we call __cancel_request, but it wasn't
verifying that req->r_osd was non-NULL before dereferencing it.  This could
cause a crash if osds were flapping and we aborted a request on said osd.

Reported-by: Henry C Chang <henry_c_chang@tcloudcomputing.com>
Signed-off-by: Sage Weil <sage@newdream.net>
---

diff --git a/fs/ceph/osd_client.c b/fs/ceph/osd_client.c
index dfced1dacbcd..3b5571b8ce22 100644
--- a/fs/ceph/osd_client.c
+++ b/fs/ceph/osd_client.c
@@ -549,7 +549,7 @@ static void __unregister_request(struct ceph_osd_client *osdc,
  */
 static void __cancel_request(struct ceph_osd_request *req)
 {
-	if (req->r_sent) {
+	if (req->r_sent && req->r_osd) {
 		ceph_con_revoke(&req->r_osd->o_con, req->r_request);
 		req->r_sent = 0;
 	}