diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2021-09-24 20:28:18 +0300 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2021-09-24 20:28:18 +0300 |
commit | 4c4f0c2bf3415a5fe7512d17d841bc1f8020b2cb (patch) | |
tree | a225fb2f4b5b19f9751d47e19baadaae33782f18 /fs | |
parent | e655c81ade7b877cb5ee31c85e88928ec3f77db6 (diff) | |
parent | 708c87168b6121abc74b2a57d0c498baaf70cbea (diff) | |
download | linux-4c4f0c2bf3415a5fe7512d17d841bc1f8020b2cb.tar.xz |
Merge tag 'ceph-for-5.15-rc3' of git://github.com/ceph/ceph-client
Pull ceph fix from Ilya Dryomov:
"A fix for a potential array out of bounds access from Dan"
* tag 'ceph-for-5.15-rc3' of git://github.com/ceph/ceph-client:
ceph: fix off by one bugs in unsafe_request_wait()
Diffstat (limited to 'fs')
-rw-r--r-- | fs/ceph/caps.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c index 6c0e52fd0743..3e42d0466521 100644 --- a/fs/ceph/caps.c +++ b/fs/ceph/caps.c @@ -2263,7 +2263,7 @@ retry: list_for_each_entry(req, &ci->i_unsafe_dirops, r_unsafe_dir_item) { s = req->r_session; - if (unlikely(s->s_mds > max)) { + if (unlikely(s->s_mds >= max)) { spin_unlock(&ci->i_unsafe_lock); goto retry; } @@ -2277,7 +2277,7 @@ retry: list_for_each_entry(req, &ci->i_unsafe_iops, r_unsafe_target_item) { s = req->r_session; - if (unlikely(s->s_mds > max)) { + if (unlikely(s->s_mds >= max)) { spin_unlock(&ci->i_unsafe_lock); goto retry; } |