Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-06 05:06:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
396b229b68
linux-stable/net
History
Ilya Dryomov 82fd05a1b8 libceph: fix preallocation check in get_reply() 
commit f2be82b005 upstream.

The check that makes sure that we have enough memory allocated to read
in the entire header of the message in question is currently busted.
It compares front_len of the incoming message with iov_len field of
ceph_msg::front structure, which is used primarily to indicate the
amount of data already read in, and not the size of the allocated
buffer.  Under certain conditions (e.g. a short read from a socket
followed by that socket's shutdown and owning ceph_connection reset)
this results in a warning similar to

[85688.975866] libceph: get_reply front 198 > preallocated 122 (4#0)

and, through another bug, leads to forever hung tasks and forced
reboots.  Fix this by comparing front_len with front_alloc_len field of
struct ceph_msg, which stores the actual size of the buffer.

Fixes: http://tracker.ceph.com/issues/5425

Signed-off-by: Ilya Dryomov <ilya.dryomov@inktank.com>
Reviewed-by: Sage Weil <sage@inktank.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-03-31 10:05:16 -07:00
..
9p 9p/trans_virtio.c: Fix broken zero-copy on vmalloc() buffers 2014-03-06 22:06:11 -08:00
802 mrp: add periodictimer to allow retries when packets get lost 2013-09-23 16:53:52 -04:00
8021q vlan: Fix header ops passthru when doing TX VLAN offload. 2013-12-31 16:23:35 -05:00
appletalk net: rework recvmsg handler msg_name and msg_namelen logic 2013-11-20 21:52:30 -05:00
atm net: rework recvmsg handler msg_name and msg_namelen logic 2013-11-20 21:52:30 -05:00
ax25 net: rework recvmsg handler msg_name and msg_namelen logic 2013-11-20 21:52:30 -05:00
batman-adv batman-adv: fix potential kernel paging error for unicast transmissions 2014-03-06 22:06:16 -08:00
bluetooth Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth 2013-12-18 13:46:08 -05:00
bridge bridge: fix netconsole setup over bridge 2014-03-06 22:06:11 -08:00
caif net: rework recvmsg handler msg_name and msg_namelen logic 2013-11-20 21:52:30 -05:00
can can: add destructor for self generated skbs 2014-03-06 22:06:11 -08:00
ceph libceph: fix preallocation check in get_reply() 2014-03-31 10:05:16 -07:00
core neigh: recompute reachabletime before returning from neigh_periodic_work() 2014-03-23 21:44:00 -07:00
dcb rtnetlink: Remove passing of attributes into rtnl_doit functions 2013-03-22 10:31:16 -04:00
dccp dccp: catch failed request_module call in dccp_probe init 2013-12-19 19:25:50 -05:00
decnet netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
dns_resolver net: strict_strtoul is obsolete, use kstrtoul instead 2013-07-12 16:09:14 -07:00
dsa net: dsa: inherit addr_assign_type along with dev_addr 2013-09-03 20:57:49 -04:00
ethernet ethernet: use likely() for common Ethernet encap 2013-09-30 21:52:53 -07:00
hsr net/hsr: Support iproute print_opt ('ip -details ...') 2013-11-30 12:48:14 -05:00
ieee802154 6lowpan: fix lockdep splats 2014-03-06 22:06:11 -08:00
ipv4 ip_tunnel:multicast process cause panic due to skb->_skb_refdst NULL pointer 2014-03-23 21:44:01 -07:00
ipv6 ipv6: ipv6_find_hdr restore prev functionality 2014-03-23 21:44:01 -07:00
ipx net: rework recvmsg handler msg_name and msg_namelen logic 2013-11-20 21:52:30 -05:00
irda net: rework recvmsg handler msg_name and msg_namelen logic 2013-11-20 21:52:30 -05:00
iucv net: rework recvmsg handler msg_name and msg_namelen logic 2013-11-20 21:52:30 -05:00
key net: rework recvmsg handler msg_name and msg_namelen logic 2013-11-20 21:52:30 -05:00
l2tp ipv6: do not erase dst address with flow label destination 2013-12-10 22:51:00 -05:00
lapb net/lapb: re-send packets on timeout 2013-09-23 16:52:45 -04:00
llc net: llc: fix use after free in llc_ui_recvmsg 2014-01-02 19:31:09 -05:00
mac80211 mac80211: clear sequence/fragment number in QoS-null frames 2014-03-23 21:44:02 -07:00
mac802154 6lowpan: set and use mac_len for mac header length 2013-10-30 17:18:46 -04:00
mpls ipip: add GSO/TSO support 2013-10-19 19:36:19 -04:00
netfilter netfilter: only warn once on wrong seqadj usage 2014-01-06 14:23:17 +01:00
netlabel genetlink: only pass array to genl_register_family_with_ops() 2013-11-19 16:39:05 -05:00
netlink genetlink/pmcraid: use proper genetlink multicast API 2013-11-28 18:26:30 -05:00
netrom net: rework recvmsg handler msg_name and msg_namelen logic 2013-11-20 21:52:30 -05:00
nfc NFC: Fix target mode p2p link establishment 2014-01-04 03:31:32 +01:00
openvswitch Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-11-19 15:50:47 -08:00
packet packet: fix send path when running with proto == 0 2013-12-09 20:09:20 -05:00
phonet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-11-19 15:50:47 -08:00
rds net: rds: fix per-cpu helper usage 2014-01-17 17:52:22 -08:00
rfkill net: rfkill: gpio: add ACPI support 2013-10-28 15:05:25 +01:00
rose net: rose: restore old recvmsg behavior 2013-12-29 22:33:17 -05:00
rxrpc net: rework recvmsg handler msg_name and msg_namelen logic 2013-11-20 21:52:30 -05:00
sched sch_tbf: Fix potential memory leak in tbf_change(). 2014-03-23 21:44:01 -07:00
sctp net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable 2014-03-23 21:44:01 -07:00
sunrpc SUNRPC: Fix a pipe_version reference leak 2014-03-31 10:05:15 -07:00
tipc tipc: correctly unlink packets from deferred packet queue 2014-01-07 16:15:24 -05:00
unix net: unix socket code abuses csum_partial 2014-03-23 21:44:17 -07:00
vmw_vsock net: rework recvmsg handler msg_name and msg_namelen logic 2013-11-20 21:52:30 -05:00
wimax wimax: remove dead code 2013-11-21 13:09:42 -05:00
wireless nl80211: Reset split_start when netlink skb is exhausted 2014-02-22 13:34:44 -08:00
x25 net: rework recvmsg handler msg_name and msg_namelen logic 2013-11-20 21:52:30 -05:00
xfrm net: move pskb_put() to core code 2013-11-07 19:28:58 -05:00
compat.c x86, x32: Correct invalid use of user timespec in the kernel 2014-02-06 11:33:50 -08:00
Kconfig kernel: remove CONFIG_USE_GENERIC_SMP_HELPERS cleanly 2013-11-21 16:42:27 -08:00
Makefile net/hsr: Add support for the High-availability Seamless Redundancy protocol (HSRv0) 2013-11-03 23:20:14 -05:00
nonet.c
socket.c net: clamp ->msg_namelen instead of returning an error 2013-11-29 16:12:52 -05:00
sysctl_net.c net: Update the sysctl permissions handler to test effective uid/gid 2013-10-07 15:57:56 -04:00