Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 393f6620 authored by Sage Weil's avatar Sage Weil
Browse files

ceph: fix possible double-free of mds request reference 



Clear pointer to mds request after dropping the reference to
ensure we don't drop it again, as there is at least one error
path through this function that does not reset fi->last_readdir
to a new value.

Signed-off-by: default avatarSage Weil <sage@newdream.net>
parent d96d6049

fs/ceph/dir.c

+3 −1
Original line number Diff line number Diff line
@@ -288,8 +288,10 @@ static int ceph_readdir(struct file *filp, void *dirent, filldir_t filldir) 
			CEPH_MDS_OP_LSSNAP : CEPH_MDS_OP_READDIR;



		/* discard old result, if any */

		if (fi->last_readdir)

		if (fi->last_readdir) {

			ceph_mdsc_put_request(fi->last_readdir);

			fi->last_readdir = NULL;

		}



		/* requery frag tree, as the frag topology may have changed */

		frag = ceph_choose_frag(ceph_inode(inode), frag, NULL, NULL);