From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 28 Mar 2014 17:21:13 +0000 (-0700)
Subject: 3.13-stable patches
X-Git-Tag: v3.4.85~3
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=acd563ec8e462130c316f915905a9b74f2c2b398;p=thirdparty%2Fkernel%2Fstable-queue.git

3.13-stable patches

added patches:
	libceph-fix-preallocation-check-in-get_reply.patch
	libceph-rename-ceph_msg-front_max-to-front_alloc_len.patch
	libceph-rename-front-to-front_len-in-get_reply.patch
---

diff --git a/queue-3.13/libceph-fix-preallocation-check-in-get_reply.patch b/queue-3.13/libceph-fix-preallocation-check-in-get_reply.patch
new file mode 100644
index 00000000000..232acb8251e
--- /dev/null
+++ b/queue-3.13/libceph-fix-preallocation-check-in-get_reply.patch
@@ -0,0 +1,68 @@
+From f2be82b0058e90b5d9ac2cb896b4914276fb50ef Mon Sep 17 00:00:00 2001
+From: Ilya Dryomov <ilya.dryomov@inktank.com>
+Date: Thu, 9 Jan 2014 20:08:21 +0200
+Subject: libceph: fix preallocation check in get_reply()
+
+From: Ilya Dryomov <ilya.dryomov@inktank.com>
+
+commit f2be82b0058e90b5d9ac2cb896b4914276fb50ef upstream.
+
+The check that makes sure that we have enough memory allocated to read
+in the entire header of the message in question is currently busted.
+It compares front_len of the incoming message with iov_len field of
+ceph_msg::front structure, which is used primarily to indicate the
+amount of data already read in, and not the size of the allocated
+buffer.  Under certain conditions (e.g. a short read from a socket
+followed by that socket's shutdown and owning ceph_connection reset)
+this results in a warning similar to
+
+[85688.975866] libceph: get_reply front 198 > preallocated 122 (4#0)
+
+and, through another bug, leads to forever hung tasks and forced
+reboots.  Fix this by comparing front_len with front_alloc_len field of
+struct ceph_msg, which stores the actual size of the buffer.
+
+Fixes: http://tracker.ceph.com/issues/5425
+
+Signed-off-by: Ilya Dryomov <ilya.dryomov@inktank.com>
+Reviewed-by: Sage Weil <sage@inktank.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/ceph/messenger.c  |    3 +--
+ net/ceph/osd_client.c |    4 ++--
+ 2 files changed, 3 insertions(+), 4 deletions(-)
+
+--- a/net/ceph/messenger.c
++++ b/net/ceph/messenger.c
+@@ -3126,7 +3126,6 @@ struct ceph_msg *ceph_msg_new(int type,
+ 	INIT_LIST_HEAD(&m->data);
+ 
+ 	/* front */
+-	m->front_alloc_len = front_len;
+ 	if (front_len) {
+ 		if (front_len > PAGE_CACHE_SIZE) {
+ 			m->front.iov_base = __vmalloc(front_len, flags,
+@@ -3143,7 +3142,7 @@ struct ceph_msg *ceph_msg_new(int type,
+ 	} else {
+ 		m->front.iov_base = NULL;
+ 	}
+-	m->front.iov_len = front_len;
++	m->front_alloc_len = m->front.iov_len = front_len;
+ 
+ 	dout("ceph_msg_new %p front %d\n", m, front_len);
+ 	return m;
+--- a/net/ceph/osd_client.c
++++ b/net/ceph/osd_client.c
+@@ -2515,9 +2515,9 @@ static struct ceph_msg *get_reply(struct
+ 		     req->r_reply, req->r_reply->con);
+ 	ceph_msg_revoke_incoming(req->r_reply);
+ 
+-	if (front_len > req->r_reply->front.iov_len) {
++	if (front_len > req->r_reply->front_alloc_len) {
+ 		pr_warning("get_reply front %d > preallocated %d (%u#%llu)\n",
+-			   front_len, (int)req->r_reply->front.iov_len,
++			   front_len, req->r_reply->front_alloc_len,
+ 			   (unsigned int)con->peer_name.type,
+ 			   le64_to_cpu(con->peer_name.num));
+ 		m = ceph_msg_new(CEPH_MSG_OSD_OPREPLY, front_len, GFP_NOFS,
diff --git a/queue-3.13/libceph-rename-ceph_msg-front_max-to-front_alloc_len.patch b/queue-3.13/libceph-rename-ceph_msg-front_max-to-front_alloc_len.patch
new file mode 100644
index 00000000000..26834b4f871
--- /dev/null
+++ b/queue-3.13/libceph-rename-ceph_msg-front_max-to-front_alloc_len.patch
@@ -0,0 +1,93 @@
+From 3cea4c3071d4e55e9d7356efe9d0ebf92f0c2204 Mon Sep 17 00:00:00 2001
+From: Ilya Dryomov <ilya.dryomov@inktank.com>
+Date: Thu, 9 Jan 2014 20:08:21 +0200
+Subject: libceph: rename ceph_msg::front_max to front_alloc_len
+
+From: Ilya Dryomov <ilya.dryomov@inktank.com>
+
+commit 3cea4c3071d4e55e9d7356efe9d0ebf92f0c2204 upstream.
+
+Rename front_max field of struct ceph_msg to front_alloc_len to make
+its purpose more clear.
+
+Signed-off-by: Ilya Dryomov <ilya.dryomov@inktank.com>
+Reviewed-by: Sage Weil <sage@inktank.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/ceph/messenger.h |    2 +-
+ net/ceph/messenger.c           |    6 +++---
+ net/ceph/mon_client.c          |    8 ++++----
+ 3 files changed, 8 insertions(+), 8 deletions(-)
+
+--- a/include/linux/ceph/messenger.h
++++ b/include/linux/ceph/messenger.h
+@@ -157,7 +157,7 @@ struct ceph_msg {
+ 	bool front_is_vmalloc;
+ 	bool more_to_follow;
+ 	bool needs_out_seq;
+-	int front_max;
++	int front_alloc_len;
+ 	unsigned long ack_stamp;        /* tx: when we were acked */
+ 
+ 	struct ceph_msgpool *pool;
+--- a/net/ceph/messenger.c
++++ b/net/ceph/messenger.c
+@@ -3126,7 +3126,7 @@ struct ceph_msg *ceph_msg_new(int type,
+ 	INIT_LIST_HEAD(&m->data);
+ 
+ 	/* front */
+-	m->front_max = front_len;
++	m->front_alloc_len = front_len;
+ 	if (front_len) {
+ 		if (front_len > PAGE_CACHE_SIZE) {
+ 			m->front.iov_base = __vmalloc(front_len, flags,
+@@ -3301,8 +3301,8 @@ EXPORT_SYMBOL(ceph_msg_last_put);
+ 
+ void ceph_msg_dump(struct ceph_msg *msg)
+ {
+-	pr_debug("msg_dump %p (front_max %d length %zd)\n", msg,
+-		 msg->front_max, msg->data_length);
++	pr_debug("msg_dump %p (front_alloc_len %d length %zd)\n", msg,
++		 msg->front_alloc_len, msg->data_length);
+ 	print_hex_dump(KERN_DEBUG, "header: ",
+ 		       DUMP_PREFIX_OFFSET, 16, 1,
+ 		       &msg->hdr, sizeof(msg->hdr), true);
+--- a/net/ceph/mon_client.c
++++ b/net/ceph/mon_client.c
+@@ -152,7 +152,7 @@ static int __open_session(struct ceph_mo
+ 		/* initiatiate authentication handshake */
+ 		ret = ceph_auth_build_hello(monc->auth,
+ 					    monc->m_auth->front.iov_base,
+-					    monc->m_auth->front_max);
++					    monc->m_auth->front_alloc_len);
+ 		__send_prepared_auth_request(monc, ret);
+ 	} else {
+ 		dout("open_session mon%d already open\n", monc->cur_mon);
+@@ -196,7 +196,7 @@ static void __send_subscribe(struct ceph
+ 		int num;
+ 
+ 		p = msg->front.iov_base;
+-		end = p + msg->front_max;
++		end = p + msg->front_alloc_len;
+ 
+ 		num = 1 + !!monc->want_next_osdmap + !!monc->want_mdsmap;
+ 		ceph_encode_32(&p, num);
+@@ -897,7 +897,7 @@ static void handle_auth_reply(struct cep
+ 	ret = ceph_handle_auth_reply(monc->auth, msg->front.iov_base,
+ 				     msg->front.iov_len,
+ 				     monc->m_auth->front.iov_base,
+-				     monc->m_auth->front_max);
++				     monc->m_auth->front_alloc_len);
+ 	if (ret < 0) {
+ 		monc->client->auth_err = ret;
+ 		wake_up_all(&monc->client->auth_wq);
+@@ -939,7 +939,7 @@ static int __validate_auth(struct ceph_m
+ 		return 0;
+ 
+ 	ret = ceph_build_auth(monc->auth, monc->m_auth->front.iov_base,
+-			      monc->m_auth->front_max);
++			      monc->m_auth->front_alloc_len);
+ 	if (ret <= 0)
+ 		return ret; /* either an error, or no need to authenticate */
+ 	__send_prepared_auth_request(monc, ret);
diff --git a/queue-3.13/libceph-rename-front-to-front_len-in-get_reply.patch b/queue-3.13/libceph-rename-front-to-front_len-in-get_reply.patch
new file mode 100644
index 00000000000..5becdad8776
--- /dev/null
+++ b/queue-3.13/libceph-rename-front-to-front_len-in-get_reply.patch
@@ -0,0 +1,48 @@
+From 3f0a4ac55fe036902e3666be740da63528ad8639 Mon Sep 17 00:00:00 2001
+From: Ilya Dryomov <ilya.dryomov@inktank.com>
+Date: Thu, 9 Jan 2014 20:08:21 +0200
+Subject: libceph: rename front to front_len in get_reply()
+
+From: Ilya Dryomov <ilya.dryomov@inktank.com>
+
+commit 3f0a4ac55fe036902e3666be740da63528ad8639 upstream.
+
+Rename front local variable to front_len in get_reply() to make its
+purpose more clear.
+
+Signed-off-by: Ilya Dryomov <ilya.dryomov@inktank.com>
+Reviewed-by: Sage Weil <sage@inktank.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/ceph/osd_client.c |    9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+--- a/net/ceph/osd_client.c
++++ b/net/ceph/osd_client.c
+@@ -2495,7 +2495,7 @@ static struct ceph_msg *get_reply(struct
+ 	struct ceph_osd_client *osdc = osd->o_osdc;
+ 	struct ceph_msg *m;
+ 	struct ceph_osd_request *req;
+-	int front = le32_to_cpu(hdr->front_len);
++	int front_len = le32_to_cpu(hdr->front_len);
+ 	int data_len = le32_to_cpu(hdr->data_len);
+ 	u64 tid;
+ 
+@@ -2515,12 +2515,13 @@ static struct ceph_msg *get_reply(struct
+ 		     req->r_reply, req->r_reply->con);
+ 	ceph_msg_revoke_incoming(req->r_reply);
+ 
+-	if (front > req->r_reply->front.iov_len) {
++	if (front_len > req->r_reply->front.iov_len) {
+ 		pr_warning("get_reply front %d > preallocated %d (%u#%llu)\n",
+-			   front, (int)req->r_reply->front.iov_len,
++			   front_len, (int)req->r_reply->front.iov_len,
+ 			   (unsigned int)con->peer_name.type,
+ 			   le64_to_cpu(con->peer_name.num));
+-		m = ceph_msg_new(CEPH_MSG_OSD_OPREPLY, front, GFP_NOFS, false);
++		m = ceph_msg_new(CEPH_MSG_OSD_OPREPLY, front_len, GFP_NOFS,
++				 false);
+ 		if (!m)
+ 			goto out;
+ 		ceph_msg_put(req->r_reply);
diff --git a/queue-3.13/series b/queue-3.13/series
index 02bfedcde5a..ea7b61f0c82 100644
--- a/queue-3.13/series
+++ b/queue-3.13/series
@@ -41,3 +41,6 @@ input-wacom-add-support-for-three-new-intuos-devices.patch
 input-wacom-add-reporting-of-sw_mute_device-events.patch
 xhci-fix-resume-issues-on-renesas-chips-in-samsung-laptops.patch
 e100-fix-disabling-already-disabled-device-warning.patch
+libceph-rename-ceph_msg-front_max-to-front_alloc_len.patch
+libceph-rename-front-to-front_len-in-get_reply.patch
+libceph-fix-preallocation-check-in-get_reply.patch