From: Alex Elder <elder@inktank.com>
Date: Thu, 29 Nov 2012 14:37:03 +0000 (-0600)
Subject: ceph: don't reference req after put
X-Git-Tag: firefly_0821_release~3680^2~1324^2~15
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=7d5f24812bd182a2471cb69c1c2baf0648332e1f;p=firefly-linux-kernel-4.4.55.git

ceph: don't reference req after put

In __unregister_request(), there is a call to list_del_init()
referencing a request that was the subject of a call to
ceph_osdc_put_request() on the previous line.  This is not
safe, because the request structure could have been freed
by the time we reach the list_del_init().

Fix this by reversing the order of these lines.

Signed-off-by: Alex Elder <elder@inktank.com>
Reviewed-off-by: Sage Weil <sage@inktank.com>
---

diff --git a/net/ceph/osd_client.c b/net/ceph/osd_client.c
index 7ebfe13267e6..ac7be7202faa 100644
--- a/net/ceph/osd_client.c
+++ b/net/ceph/osd_client.c
@@ -871,9 +871,9 @@ static void __unregister_request(struct ceph_osd_client *osdc,
 			req->r_osd = NULL;
 	}
 
+	list_del_init(&req->r_req_lru_item);
 	ceph_osdc_put_request(req);
 
-	list_del_init(&req->r_req_lru_item);
 	if (osdc->num_requests == 0) {
 		dout(" no requests, canceling timeout\n");
 		__cancel_osd_timeout(osdc);