    libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() · 3b83f60d
    Ilya Dryomov authored
    ceph_msgpool_get() can fall back to ceph_msg_new() when it is asked for
    a message whose front portion is larger than pool->front_len.  However
    the caller always passes 0, effectively disabling that code path.  The
    allocation goes to the message pool and returns a message with a front
    that is smaller than requested, setting us up for a crash.
    
    One example of this is a directory with a large number of snapshots.
    If its snap context doesn't fit, we oops in encode_request_partial().
    Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
msgpool.c 2.06 KB
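A simplified userspace model of the failure the commit message describes, added here as an illustration and not libceph's code. All struct and function names are hypothetical, the mempool is replaced by a plain allocation, the sizes are constructed, and a bounds check stands in for the kernel oops.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model; all names are hypothetical, not libceph's. */
struct msg { size_t front_alloc_len; int from_pool; unsigned char *front; };
struct msgpool { size_t front_len; };

static struct msg *msg_new(size_t front_len, int from_pool)
{
    struct msg *m = calloc(1, sizeof(*m));
    if (!m) return NULL;
    m->front = malloc(front_len ? front_len : 1);
    if (!m->front) { free(m); return NULL; }
    m->front_alloc_len = front_len; m->from_pool = from_pool;
    return m;
}
static void msg_free(struct msg *m) { if (m) { free(m->front); free(m); } }

/* The fallback only triggers if the caller reports the size it needs. */
static struct msg *msgpool_get(struct msgpool *pool, size_t front_len)
{
    if (front_len > pool->front_len)
        return msg_new(front_len, 0);    /* too big for the pool */
    return msg_new(pool->front_len, 1);  /* stands in for the mempool */
}

/* Assumption: a bounds check stands in for the oops the commit describes. */
static int encode_front(struct msg *m, size_t len)
{
    if (len > m->front_alloc_len) return -1;
    memset(m->front, 0xAB, len);
    return 0;
}

/* Get a message using size_hint, then encode payload_len bytes into it. */
static int send_request(struct msgpool *pool, size_t size_hint, size_t payload_len)
{
    struct msg *m = msgpool_get(pool, size_hint);
    int ret = m ? encode_front(m, payload_len) : -1;
    msg_free(m);
    return ret;
}

int main(void)
{
    struct msgpool pool = { 4096 };  /* constructed sizes */
    printf("hint 0: %d, real size: %d\n", send_request(&pool, 0, 8192), send_request(&pool, 8192, 8192));
    return 0;
}
```

With a hint of 0 the oversized request is served from the pool and the encode step is rejected; with the real size the fallback allocation is used and the encode succeeds.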