rbd: Clear ceph_msg->bio_iter for retransmitted message

(cherry picked from commit 43643528cce60ca184fe8197efa8e8da7c89a037) (cherry picked from commit b132cf4c733f91bb4dd2277ea049243cf16e8b66) The bug can cause NULL pointer dereference in write_partial_msg_pages Signed-off-by: Zheng Yan <zheng.z.yan@intel.com> Reviewed-by: Alex Elder <elder@inktank.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Yan, Zheng <zheng.z.yan@intel.com> 2012-06-06 19:35:55 -0500
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2012-11-26 11:38:09 -0800
commit: 576e428b246271f0f078079c68a9f11679c7db8a (patch)
tree: 147e2fb1c6899ddda780f84196581c6f6c0cba2a
parent: acecca48781a79040dca822cf96d505904c282c3 (diff)
download: lwn-576e428b246271f0f078079c68a9f11679c7db8a.tar.gz
lwn-576e428b246271f0f078079c68a9f11679c7db8a.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
index 1a80907282cc..375ae3953e25 100644
--- a/net/ceph/messenger.c
+++ b/net/ceph/messenger.c
@@ -563,6 +563,10 @@ static void prepare_write_message(struct ceph_connection *con)
 		m->hdr.seq = cpu_to_le64(++con->out_seq);
 		m->needs_out_seq = false;
 	}
+#ifdef CONFIG_BLOCK
+	else
+		m->bio_iter = NULL;
+#endif
 
 	dout("prepare_write_message %p seq %lld type %d len %d+%d+%d %d pgs\n",
 	     m, con->out_seq, le16_to_cpu(m->hdr.type),
author	Yan, Zheng <zheng.z.yan@intel.com>	2012-06-06 19:35:55 -0500
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2012-11-26 11:38:09 -0800
commit	576e428b246271f0f078079c68a9f11679c7db8a (patch)
tree	147e2fb1c6899ddda780f84196581c6f6c0cba2a
parent	acecca48781a79040dca822cf96d505904c282c3 (diff)
download	lwn-576e428b246271f0f078079c68a9f11679c7db8a.tar.gz lwn-576e428b246271f0f078079c68a9f11679c7db8a.zip