summaryrefslogtreecommitdiffstats
path: root/net/ceph
diff options
context:
space:
mode:
authorIlya Dryomov <idryomov@gmail.com>2018-05-22 16:26:51 +0200
committerIlya Dryomov <idryomov@gmail.com>2018-06-04 20:45:59 +0200
commit6001567c14eb8e93f8bceb35fc02158a3e1f20f8 (patch)
treef3eb8665a17131852e844453c281750cffcdc56c /net/ceph
parent29e878201ee635940ba018bce51f4ee0f0e47a5b (diff)
downloadlinux-stable-6001567c14eb8e93f8bceb35fc02158a3e1f20f8.tar.gz
linux-stable-6001567c14eb8e93f8bceb35fc02158a3e1f20f8.tar.bz2
linux-stable-6001567c14eb8e93f8bceb35fc02158a3e1f20f8.zip
libceph: avoid a use-after-free during map check
Sending map check after complete_request() was called is not only useless, but can lead to a use-after-free as req->r_kref decrement in __complete_request() races with map check code. Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Acked-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: "Yan, Zheng" <zyan@redhat.com>
Diffstat (limited to 'net/ceph')
-rw-r--r--net/ceph/osd_client.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ceph/osd_client.c b/net/ceph/osd_client.c
index 34b5334548c3..294320400c72 100644
--- a/net/ceph/osd_client.c
+++ b/net/ceph/osd_client.c
@@ -2266,7 +2266,7 @@ again:
complete_request(req, err);
mutex_unlock(&osd->lock);
- if (ct_res == CALC_TARGET_POOL_DNE)
+ if (!err && ct_res == CALC_TARGET_POOL_DNE)
send_map_check(req);
if (promoted)