[PATCH 141/270] libceph: recheck con state after allocating incoming message

Herton Ronaldo Krzesinski herton.krzesinski at canonical.com
Mon Nov 26 16:57:11 UTC 2012

3.5.7u1 -stable review patch.  If anyone has any objections, please let me know.


From: Sage Weil <sage at inktank.com>

commit 6139919133377652992a5fe134e22abce3e9c25e upstream.

We drop the lock when calling the ->alloc_msg() con op, which means
we need to (a) not clobber con->in_msg without the mutex held, and (b)
we need to verify that we are still in the OPEN state when we retake
it to avoid causing any mayhem.  If the state does change, -EAGAIN
will get us back to con_work() and loop.

Signed-off-by: Sage Weil <sage at inktank.com>
Reviewed-by: Alex Elder <elder at inktank.com>
Signed-off-by: Herton Ronaldo Krzesinski <herton.krzesinski at canonical.com>
 net/ceph/messenger.c |    9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
index 13b549b..b6655b1 100644
--- a/net/ceph/messenger.c
+++ b/net/ceph/messenger.c
@@ -2735,9 +2735,16 @@ static int ceph_con_in_msg_alloc(struct ceph_connection *con, int *skip)
 	BUG_ON(con->in_msg != NULL);
 	if (con->ops->alloc_msg) {
+		struct ceph_msg *msg;
-		con->in_msg = con->ops->alloc_msg(con, hdr, skip);
+		msg = con->ops->alloc_msg(con, hdr, skip);
+		if (con->state != CON_STATE_OPEN) {
+			ceph_msg_put(msg);
+			return -EAGAIN;
+		}
+		con->in_msg = msg;
 		if (con->in_msg) {
 			con->in_msg->con = con->ops->get(con);
 			BUG_ON(con->in_msg->con == NULL);

More information about the kernel-team mailing list