Commit b5d91704 authored by Ilya Dryomov's avatar Ilya Dryomov

libceph: behave in mon_fault() if cur_mon < 0

This can happen if __close_session() in ceph_monc_stop() races with
a connection reset.  We need to ignore such faults, otherwise it's
likely we would take !hunting, call __schedule_delayed() and end up
with delayed_work() executing on invalid memory, among other things.

The (two!) con->private tests are useless, as nothing ever clears
con->private.  Nuke them.
Signed-off-by: default avatarIlya Dryomov <idryomov@gmail.com>
parent bee3a37c
...@@ -1155,14 +1155,9 @@ static void mon_fault(struct ceph_connection *con) ...@@ -1155,14 +1155,9 @@ static void mon_fault(struct ceph_connection *con)
{ {
struct ceph_mon_client *monc = con->private; struct ceph_mon_client *monc = con->private;
if (!monc)
return;
dout("mon_fault\n");
mutex_lock(&monc->mutex); mutex_lock(&monc->mutex);
if (!con->private) dout("%s mon%d\n", __func__, monc->cur_mon);
goto out; if (monc->cur_mon >= 0) {
if (!monc->hunting) { if (!monc->hunting) {
dout("%s hunting for new mon\n", __func__); dout("%s hunting for new mon\n", __func__);
reopen_session(monc); reopen_session(monc);
...@@ -1170,7 +1165,7 @@ static void mon_fault(struct ceph_connection *con) ...@@ -1170,7 +1165,7 @@ static void mon_fault(struct ceph_connection *con)
} else { } else {
dout("%s already hunting\n", __func__); dout("%s already hunting\n", __func__);
} }
out: }
mutex_unlock(&monc->mutex); mutex_unlock(&monc->mutex);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment