Commit ca20892db7567c40e8ed0668f46cf0d085d7db6d
Committed by
Sage Weil
Sage Weil
1 parent
3772d26d87
Exists in
master
and in
4 other branches
libceph: fix ceph_msg_new error path
If memory allocation failed, calling ceph_msg_put() will cause GPF since some of ceph_msg variables are not initialized first. Fix Bug #970. Signed-off-by: Henry C Chang <henry_c_chang@tcloudcomputing.com> Signed-off-by: Sage Weil <sage@newdream.net>
Showing 1 changed file with 13 additions and 13 deletions Side-by-side Diff
net/ceph/messenger.c
| ... | ... | @@ -2267,6 +2267,19 @@ |
| 2267 | 2267 | m->more_to_follow = false; |
| 2268 | 2268 | m->pool = NULL; |
| 2269 | 2269 | |
| 2270 | + /* middle */ | |
| 2271 | + m->middle = NULL; | |
| 2272 | + | |
| 2273 | + /* data */ | |
| 2274 | + m->nr_pages = 0; | |
| 2275 | + m->page_alignment = 0; | |
| 2276 | + m->pages = NULL; | |
| 2277 | + m->pagelist = NULL; | |
| 2278 | + m->bio = NULL; | |
| 2279 | + m->bio_iter = NULL; | |
| 2280 | + m->bio_seg = 0; | |
| 2281 | + m->trail = NULL; | |
| 2282 | + | |
| 2270 | 2283 | /* front */ |
| 2271 | 2284 | if (front_len) { |
| 2272 | 2285 | if (front_len > PAGE_CACHE_SIZE) { |
| ... | ... | @@ -2285,19 +2298,6 @@ |
| 2285 | 2298 | m->front.iov_base = NULL; |
| 2286 | 2299 | } |
| 2287 | 2300 | m->front.iov_len = front_len; |
| 2288 | - | |
| 2289 | - /* middle */ | |
| 2290 | - m->middle = NULL; | |
| 2291 | - | |
| 2292 | - /* data */ | |
| 2293 | - m->nr_pages = 0; | |
| 2294 | - m->page_alignment = 0; | |
| 2295 | - m->pages = NULL; | |
| 2296 | - m->pagelist = NULL; | |
| 2297 | - m->bio = NULL; | |
| 2298 | - m->bio_iter = NULL; | |
| 2299 | - m->bio_seg = 0; | |
| 2300 | - m->trail = NULL; | |
| 2301 | 2301 | |
| 2302 | 2302 | dout("ceph_msg_new %p front %d\n", m, front_len); |
| 2303 | 2303 | return m; |