diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2014-09-11 18:03:21 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2014-09-11 18:03:21 -0700 |
| commit | c73f6fdf2fc534e47b2a1ebfe00e57d585ef5b57 (patch) | |
| tree | db143197352e03a15e5aa7161ba26609a3693535 /net/ceph/mon_client.c | |
| parent | 7ee2d2d67144965d9d3607369ab0ebf5bad230c0 (diff) | |
| parent | c27a3e4d667fdcad3db7b104f75659478e0c68d8 (diff) | |
| download | linux-c73f6fdf2fc534e47b2a1ebfe00e57d585ef5b57.tar.bz2 | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client
Pull Ceph fixes from Sage Weil:
"The main thing here is a set of three patches that fix a buffer
overrun for large authentication tickets (sigh).
There is also a trivial warning fix and an error path fix that are
both regressions"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
libceph: do not hard code max auth ticket len
libceph: add process_one_ticket() helper
libceph: gracefully handle large reply messages from the mon
rbd: fix error return code in rbd_dev_device_setup()
rbd: avoid format-security warning inside alloc_workqueue()
Diffstat (limited to 'net/ceph/mon_client.c')
| -rw-r--r-- | net/ceph/mon_client.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/net/ceph/mon_client.c b/net/ceph/mon_client.c index 067d3af2eaf6..61fcfc304f68 100644 --- a/net/ceph/mon_client.c +++ b/net/ceph/mon_client.c @@ -1181,7 +1181,15 @@ static struct ceph_msg *mon_alloc_msg(struct ceph_connection *con, if (!m) { pr_info("alloc_msg unknown type %d\n", type); *skip = 1; + } else if (front_len > m->front_alloc_len) { + pr_warning("mon_alloc_msg front %d > prealloc %d (%u#%llu)\n", + front_len, m->front_alloc_len, + (unsigned int)con->peer_name.type, + le64_to_cpu(con->peer_name.num)); + ceph_msg_put(m); + m = ceph_msg_new(type, front_len, GFP_NOFS, false); } + return m; } |