    libceph: fix preallocation check in get_reply() · 4c3280ca
    Ilya Dryomov authored
    commit f2be82b0 upstream.
    
    The check that makes sure that we have enough memory allocated to read
    in the entire header of the message in question is currently busted.
    It compares front_len of the incoming message with iov_len field of
    ceph_msg::front structure, which is used primarily to indicate the
    amount of data already read in, and not the size of the allocated
    buffer.  Under certain conditions (e.g. a short read from a socket
    followed by that socket's shutdown and owning ceph_connection reset)
    this results in a warning similar to
    
    [85688.975866] libceph: get_reply front 198 > preallocated 122 (4#0)
    
    and, through another bug, leads to forever hung tasks and forced
    reboots.  Fix this by comparing front_len with front_alloc_len field of
    struct ceph_msg, which stores the actual size of the buffer.
    
    Fixes: http://tracker.ceph.com/issues/5425
    Signed-off-by: Ilya Dryomov <ilya.dryomov@inktank.com>
    Reviewed-by: Sage Weil <sage@inktank.com>
    Signed-off-by: Jiri Slaby <jslaby@suse.cz>
osd_client.c 69.9 KB
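
A simplified user-space model of the check described in the commit message, added here as an illustration; it is not the kernel code and not part of the commit. `struct model_msg`, `short_read` and the 512-byte buffer size are assumptions made for the example; 198 and 122 are the values from the quoted warning.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for struct ceph_msg (a model, not the kernel definition). */
struct model_msg {
    size_t front_iov_len;   /* models ceph_msg::front.iov_len: bytes read in so far */
    size_t front_alloc_len; /* models ceph_msg::front_alloc_len: real buffer size */
};

/* Hypothetical helper: a receive that stops early, e.g. the socket is shut down. */
static void short_read(struct model_msg *m, size_t got)
{
    m->front_iov_len = got;
}

/* Check as described before the fix: compares against bytes already read. */
static int fits_before_fix(const struct model_msg *m, size_t front_len)
{
    return front_len <= m->front_iov_len;
}

/* Check as described after the fix: compares against the allocated size. */
static int fits_after_fix(const struct model_msg *m, size_t front_len)
{
    return front_len <= m->front_alloc_len;
}

/* Returns 1 when the reused message is rejected by the old check only. */
static int replay_scenario(size_t alloc, size_t partial, size_t front_len)
{
    struct model_msg m = { .front_iov_len = 0, .front_alloc_len = alloc };

    short_read(&m, partial);  /* first attempt is cut short */
    /* connection reset: the same preallocated message is offered again */
    return !fits_before_fix(&m, front_len) && fits_after_fix(&m, front_len);
}

int main(void)
{
    /* 198 and 122 come from the warning; 512 is a constructed buffer size. */
    printf("false rejection before fix: %d\n", replay_scenario(512, 122, 198));
    /* A reply larger than the real buffer is refused by both checks. */
    printf("rejected only by old check: %d\n", replay_scenario(128, 122, 198));
    return 0;
}
```

The second call shows that the corrected comparison still refuses a reply that genuinely exceeds the allocated buffer.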