ceph: fix possible double-free of mds request reference

Clear pointer to mds request after dropping the reference to ensure we don't drop it again, as there is at least one error path through this function that does not reset fi->last_readdir to a new value. Signed-off-by: Sage Weil <sage@newdream.net>
author: Sage Weil <sage@newdream.net> 2010-03-10 12:03:32 -0800
committer: Sage Weil <sage@newdream.net> 2010-03-23 07:47:06 -0700
commit: 393f66209669ad23f4f6d4191234c1df4367df3c (patch)
tree: 5c628bcf731c98f5627000192e7f2d23a7a039a5 /fs
parent: d96d60498ff748c5a88c72ec5d1cc4ba9a583e7e (diff)
download: kernel_samsung_espresso10-393f66209669ad23f4f6d4191234c1df4367df3c.zip
kernel_samsung_espresso10-393f66209669ad23f4f6d4191234c1df4367df3c.tar.gz
kernel_samsung_espresso10-393f66209669ad23f4f6d4191234c1df4367df3c.tar.bz2
1 files changed, 3 insertions, 1 deletions
diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c
index 5107384..8a9116e 100644
--- a/fs/ceph/dir.c
+++ b/fs/ceph/dir.c
@@ -288,8 +288,10 @@ more:
 			CEPH_MDS_OP_LSSNAP : CEPH_MDS_OP_READDIR;
 
 		/* discard old result, if any */
-		if (fi->last_readdir)
+		if (fi->last_readdir) {
 			ceph_mdsc_put_request(fi->last_readdir);
+			fi->last_readdir = NULL;
+		}
 
 		/* requery frag tree, as the frag topology may have changed */
 		frag = ceph_choose_frag(ceph_inode(inode), frag, NULL, NULL);
author	Sage Weil <sage@newdream.net>	2010-03-10 12:03:32 -0800
committer	Sage Weil <sage@newdream.net>	2010-03-23 07:47:06 -0700
commit	393f66209669ad23f4f6d4191234c1df4367df3c (patch)
tree	5c628bcf731c98f5627000192e7f2d23a7a039a5 /fs
parent	d96d60498ff748c5a88c72ec5d1cc4ba9a583e7e (diff)
download	kernel_samsung_espresso10-393f66209669ad23f4f6d4191234c1df4367df3c.zip kernel_samsung_espresso10-393f66209669ad23f4f6d4191234c1df4367df3c.tar.gz kernel_samsung_espresso10-393f66209669ad23f4f6d4191234c1df4367df3c.tar.bz2