summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--fs/ceph/ceph_fs.h5
-rw-r--r--fs/ceph/mon_client.c11
2 files changed, 12 insertions, 4 deletions
diff --git a/fs/ceph/ceph_fs.h b/fs/ceph/ceph_fs.h
index 56af192cb430..9b16e2e06ea6 100644
--- a/fs/ceph/ceph_fs.h
+++ b/fs/ceph/ceph_fs.h
@@ -162,6 +162,11 @@ struct ceph_mon_subscribe_item {
__u8 onetime;
} __attribute__ ((packed));
+struct ceph_mon_subscribe_ack {
+ __le32 duration; /* seconds */
+ struct ceph_fsid fsid;
+} __attribute__ ((packed));
+
/*
* mds states
* > 0 -> in
diff --git a/fs/ceph/mon_client.c b/fs/ceph/mon_client.c
index bea2be9077e4..d52e52968d01 100644
--- a/fs/ceph/mon_client.c
+++ b/fs/ceph/mon_client.c
@@ -199,10 +199,12 @@ static void handle_subscribe_ack(struct ceph_mon_client *monc,
struct ceph_msg *msg)
{
unsigned seconds;
- void *p = msg->front.iov_base;
- void *end = p + msg->front.iov_len;
+ struct ceph_mon_subscribe_ack *h = msg->front.iov_base;
+
+ if (msg->front.iov_len < sizeof(*h))
+ goto bad;
+ seconds = le32_to_cpu(h->duration);
- ceph_decode_32_safe(&p, end, seconds, bad);
mutex_lock(&monc->mutex);
if (monc->hunting) {
pr_info("mon%d %s session established\n",
@@ -541,7 +543,8 @@ int ceph_monc_init(struct ceph_mon_client *monc, struct ceph_client *cl)
err = ceph_msgpool_init(&monc->msgpool_mount_ack, 4096, 1, false);
if (err < 0)
goto out;
- err = ceph_msgpool_init(&monc->msgpool_subscribe_ack, 8, 1, false);
+ err = ceph_msgpool_init(&monc->msgpool_subscribe_ack,
+ sizeof(struct ceph_mon_subscribe_ack), 1, false);
if (err < 0)
goto out;
err = ceph_msgpool_init(&monc->msgpool_statfs_reply,