• Ilya Dryomov's avatar
    libceph: set last_piece in ceph_msg_data_pages_cursor_init() correctly · b704f8b1
    Ilya Dryomov authored
    commit 5f740d7e upstream.
    
    Determining ->last_piece based on the value of ->page_offset + length
    is incorrect because length here is the length of the entire message.
    ->last_piece set to false even if page array data item length is <=
    PAGE_SIZE, which results in invalid length passed to
    ceph_tcp_{send,recv}page() and causes various asserts to fire.
    
        # cat pages-cursor-init.sh
        #!/bin/bash
        rbd create --size 10 --image-format 2 foo
        FOO_DEV=$(rbd map foo)
        dd if=/dev/urandom of=$FOO_DEV bs=1M &>/dev/null
        rbd snap create foo@snap
        rbd snap protect foo@snap
        rbd clone foo@snap bar
        # rbd_resize calls librbd rbd_resize(), size is in bytes
        ./rbd_resize bar $(((4 << 20) + 512))
        rbd resize --size 10 bar
        BAR_DEV=$(rbd map bar)
        # trigger a 512-byte copyup -- 512-byte page array data item
        dd if=/dev/urandom of=$BAR_DEV bs=1M count=1 seek=5
    
    The problem exists only in ceph_msg_data_pages_cursor_init(),
    ceph_msg_data_pages_advance() does the right thing.  The size_t cast is
    unnecessary.
    Signed-off-by: default avatarIlya Dryomov <ilya.dryomov@inktank.com>
    Reviewed-by: default avatarSage Weil <sage@redhat.com>
    Reviewed-by: default avatarAlex Elder <elder@linaro.org>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    b704f8b1
messenger.c 82 KB