OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/net
History
Ilya Dryomov 65ad755455 libceph: fix double __remove_osd() problem 
commit 7eb71e0351 upstream.

It turns out it's possible to get __remove_osd() called twice on the
same OSD.  That doesn't sit well with rb_erase() - depending on the
shape of the tree we can get a NULL dereference, a soft lockup or
a random crash at some point in the future as we end up touching freed
memory.  One scenario that I was able to reproduce is as follows:

            <osd3 is idle, on the osd lru list>
<con reset - osd3>
con_fault_finish()
  osd_reset()
                              <osdmap - osd3 down>
                              ceph_osdc_handle_map()
                                <takes map_sem>
                                kick_requests()
                                  <takes request_mutex>
                                  reset_changed_osds()
                                    __reset_osd()
                                      __remove_osd()
                                  <releases request_mutex>
                                <releases map_sem>
    <takes map_sem>
    <takes request_mutex>
    __kick_osd_requests()
      __reset_osd()
        __remove_osd() <-- !!!

A case can be made that osd refcounting is imperfect and reworking it
would be a proper resolution, but for now Sage and I decided to fix
this by adding a safe guard around __remove_osd().

Fixes: http://tracker.ceph.com/issues/8087

Cc: Sage Weil <sage@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
Reviewed-by: Alex Elder <elder@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2015-03-06 14:43:25 -08:00
..
9p 9p/trans_virtio.c: Fix broken zero-copy on vmalloc() buffers 2014-02-10 17:48:54 -08:00
802 neigh: use NEIGH_VAR_INIT in ndo_neigh_setup functions. 2014-01-16 11:31:58 -08:00
8021q net: Always untag vlan-tagged traffic on input. 2014-10-15 08:36:40 +02:00
appletalk appletalk: Fix socket referencing in skb 2014-07-28 08:06:00 -07:00
atm net: Fix some fallout from the etner_addr_copy() changes. 2014-01-21 18:57:26 -08:00
ax25 net: add build-time checks for msg->msg_name size 2014-01-18 23:04:16 -08:00
batman-adv batman-adv: avoid NULL dereferences and fix if check 2015-01-27 08:18:53 -08:00
bluetooth Bluetooth: Fix incorrect LE CoC PDU length restriction based on HCI MTU 2014-10-30 09:38:23 -07:00
bridge bridge: Fix br_should_learn to check vlan_enabled 2014-10-15 08:36:41 +02:00
caif net: Include appropriate header file in caif/cfsrvl.c 2014-02-09 17:32:49 -08:00
can net: Use netlink_ns_capable to verify the permisions of netlink messages 2014-06-26 15:15:38 -04:00
ceph libceph: fix double __remove_osd() problem 2015-03-06 14:43:25 -08:00
core bridge: dont send notification when skb->len == 0 in rtnl_bridge_notify 2015-02-26 17:50:12 -08:00
dcb net: Use netlink_ns_capable to verify the permisions of netlink messages 2014-06-26 15:15:38 -04:00
dccp dccp: re-enable debug macro 2014-02-16 23:45:00 -05:00
decnet net: Use netlink_ns_capable to verify the permisions of netlink messages 2014-06-26 15:15:38 -04:00
dns_resolver dns_resolver: Null-terminate the right string 2014-07-28 08:06:01 -07:00
dsa dsa: Use ether_addr_copy 2014-01-21 18:13:05 -08:00
ethernet net: eth_type_trans() should use skb_header_pointer() 2014-01-16 15:30:31 -08:00
hsr hsr: off by one sanity check in hsr_register_frame_in() 2014-03-03 15:29:42 -05:00
ieee802154 6lowpan: fix lockdep splats 2014-02-10 17:51:29 -08:00
ipv4 ipv4: tcp: get rid of ugly unicast_sock 2015-02-26 17:50:12 -08:00
ipv6 ipv6: replacing a rt6_info needs to purge possible propagated rt6_infos too 2015-02-26 17:50:11 -08:00
ipx ipx: fix locking regression in ipx_sendmsg and ipx_recvmsg 2014-12-06 15:55:34 -08:00
irda net: add build-time checks for msg->msg_name size 2014-01-18 23:04:16 -08:00
iucv af_iucv: wrong mapping of sent and confirmed skbs 2014-06-30 20:11:51 -07:00
key selinux: add gfp argument to security_xfrm_policy_alloc and fix callers 2014-03-10 08:30:02 +01:00
l2tp l2tp: fix race while getting PMTU on PPP pseudo-wire 2014-10-15 08:36:41 +02:00
lapb
llc llc: remove noisy WARN from llc_mac_hdr_init 2014-01-28 18:01:32 -08:00
mac80211 mac80211: properly set CCK flag in radiotap 2015-02-05 22:35:50 -08:00
mac802154 mac802154: fix following checkpath.pl warning Prefer pr_warn(... to pr_warning(... 2013-12-22 18:53:08 -05:00
mpls
netfilter ipvs: uninitialized data with IP_VS_IPV6 2015-01-29 17:40:50 -08:00
netlabel netlabel: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
netlink netlink: Don't reorder loads/stores before marking mmap netlink frame as available 2015-01-27 08:18:53 -08:00
netrom net: add build-time checks for msg->msg_name size 2014-01-18 23:04:16 -08:00
nfc NFC: NCI: Fix NULL pointer dereference 2014-02-23 23:14:45 +01:00
openvswitch openvswitch: fix panic with multiple vlan headers 2014-10-15 08:36:41 +02:00
packet packet: handle too big packets for PACKET_V3 2014-10-15 08:36:40 +02:00
phonet net: Use netlink_ns_capable to verify the permisions of netlink messages 2014-06-26 15:15:38 -04:00
rds rds: prevent dereference of a NULL device in rds_iw_laddr_check 2014-04-14 06:50:04 -07:00
rfkill Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2014-01-25 11:17:34 -08:00
rose net: add build-time checks for msg->msg_name size 2014-01-18 23:04:16 -08:00
rxrpc RxRPC fixes 2014-01-28 18:04:18 -08:00
sched net: Use netlink_ns_capable to verify the permisions of netlink messages 2014-06-26 15:15:38 -04:00
sctp net: sctp: fix passing wrong parameter header to param_type2af in sctp_process_param 2015-02-26 17:50:12 -08:00
sunrpc SUNRPC: Add missing support for RPC_CLNT_CREATE_NO_RETRANS_TIMEOUT 2014-11-14 08:59:45 -08:00
tipc tipc: clear 'next'-pointer of message fragments before reassembly 2014-07-28 08:06:01 -07:00
unix net: unix: non blocking recvmsg() should not return -EINTR 2014-03-26 17:05:40 -04:00
vmw_vsock vsock: Make transport the proto owner 2014-05-31 13:20:36 -07:00
wimax wimax: remove dead code 2013-11-21 13:09:42 -05:00
wireless nl80211: fix per-station group key get/del and memory leak 2015-02-05 22:35:50 -08:00
x25 net: add build-time checks for msg->msg_name size 2014-01-18 23:04:16 -08:00
xfrm xfrm: Generate queueing routes only from route lookup functions 2014-10-15 08:36:42 +02:00
Kconfig net: netprio: rename config to be more consistent with cgroup configs 2014-01-03 23:41:42 +01:00
Makefile net: move 6lowpan compression code to separate module 2014-01-15 15:36:38 -08:00
compat.c net: sendmsg: fix NULL pointer dereference 2014-08-14 09:38:23 +08:00
nonet.c
socket.c net: don't OOPS on socket aio 2015-02-26 17:50:11 -08:00
sysctl_net.c