From: Yan, Zheng <zheng.z.yan@intel.com>
Date: Thu, 7 Jun 2012 00:35:55 +0000 (-0500)
Subject: rbd: Clear ceph_msg->bio_iter for retransmitted message
X-Git-Tag: v3.6-rc1~36^2~109
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=43643528cce60ca184fe8197efa8e8da7c89a037;p=thirdparty%2Fkernel%2Flinux.git

rbd: Clear ceph_msg->bio_iter for retransmitted message

The bug can cause NULL pointer dereference in write_partial_msg_pages

Signed-off-by: Zheng Yan <zheng.z.yan@intel.com>
Reviewed-by: Alex Elder <elder@inktank.com>
---

diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
index 3857f815c0359..769a2c9fe1afb 100644
--- a/net/ceph/messenger.c
+++ b/net/ceph/messenger.c
@@ -649,6 +649,10 @@ static void prepare_write_message(struct ceph_connection *con)
 		m->hdr.seq = cpu_to_le64(++con->out_seq);
 		m->needs_out_seq = false;
 	}
+#ifdef CONFIG_BLOCK
+	else
+		m->bio_iter = NULL;
+#endif
 
 	dout("prepare_write_message %p seq %lld type %d len %d+%d+%d %d pgs\n",
 	     m, con->out_seq, le16_to_cpu(m->hdr.type),