This is a note to let you know that I've just added the patch titled
rbd: fix error handling from rbd_snap_name()
to the 3.10-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
rbd-fix-error-handling-from-rbd_snap_name.patch
and it can be found in the queue-3.10 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From da6a6b63978d45f9ae582d1f362f182012da3a22 Mon Sep 17 00:00:00 2001
From: Josh Durgin <josh.durgin@xxxxxxxxxxx>
Date: Wed, 4 Sep 2013 17:57:31 -0700
Subject: rbd: fix error handling from rbd_snap_name()
From: Josh Durgin <josh.durgin@xxxxxxxxxxx>
commit da6a6b63978d45f9ae582d1f362f182012da3a22 upstream.
rbd_snap_name() calls rbd_dev_v{1,2}_snap_name() depending on the
format of the image. The format 1 version returns NULL on error, which
is handled by the caller. The format 2 version returns an ERR_PTR,
which the caller of rbd_snap_name() does not expect.
Fortunately this is unlikely to occur in practice because
rbd_snap_id_by_name() is called before rbd_snap_name(). This would hit
similar errors to rbd_snap_name() (like the snapshot not existing) and
return early, so rbd_snap_name() would not hit an error unless the
snapshot was removed between the two calls or memory was exhausted.
Use an ERR_PTR in rbd_dev_v1_snap_name() so that the specific error
can be propagated, and it is consistent with rbd_dev_v2_snap_name().
Handle the ERR_PTR in the only rbd_snap_name() caller.
Suggested-by: Alex Elder <alex.elder@xxxxxxxxxx>
Signed-off-by: Josh Durgin <josh.durgin@xxxxxxxxxxx>
Reviewed-by: Alex Elder <elder@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/block/rbd.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
--- a/drivers/block/rbd.c
+++ b/drivers/block/rbd.c
@@ -937,12 +937,14 @@ static const char *rbd_dev_v1_snap_name(
u64 snap_id)
{
u32 which;
+ const char *snap_name;
which = rbd_dev_snap_index(rbd_dev, snap_id);
if (which == BAD_SNAP_INDEX)
- return NULL;
+ return ERR_PTR(-ENOENT);
- return _rbd_dev_v1_snap_name(rbd_dev, which);
+ snap_name = _rbd_dev_v1_snap_name(rbd_dev, which);
+ return snap_name ? snap_name : ERR_PTR(-ENOMEM);
}
static const char *rbd_snap_name(struct rbd_device *rbd_dev, u64 snap_id)
@@ -4140,8 +4142,8 @@ static int rbd_dev_spec_update(struct rb
/* Look up the snapshot name, and make a copy */
snap_name = rbd_snap_name(rbd_dev, spec->snap_id);
- if (!snap_name) {
- ret = -ENOMEM;
+ if (IS_ERR(snap_name)) {
+ ret = PTR_ERR(snap_name);
goto out_err;
}
Patches currently in stable-queue which might be from josh.durgin@xxxxxxxxxxx are
queue-3.10/rbd-make-rbd_obj_notify_ack-synchronous.patch
queue-3.10/libceph-add-function-to-ensure-notifies-are-complete.patch
queue-3.10/rbd-fix-buffer-size-for-writes-to-images-with-snapshots.patch
queue-3.10/rbd-fix-use-after-free-of-rbd_dev-disk.patch
queue-3.10/rbd-complete-notifies-before-cleaning-up-osd_client-and-rbd_dev.patch
queue-3.10/libceph-add-lingering-request-reference-when-registered.patch
queue-3.10/rbd-fix-null-dereference-in-dout.patch
queue-3.10/rbd-ignore-unmapped-snapshots-that-no-longer-exist.patch
queue-3.10/rbd-set-removing-flag-while-holding-list-lock.patch
queue-3.10/rbd-flush-dcache-after-zeroing-page-data.patch
queue-3.10/rbd-fix-error-handling-from-rbd_snap_name.patch
queue-3.10/rbd-protect-against-concurrent-unmaps.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html