Description
In the Linux kernel, the following vulnerability has been resolved: libceph: reset sparse-read state in osd_fault() When a fault occurs, the connection is abandoned, reestablished, and any pending operations are retried. The OSD client tracks the progress of a sparse-read reply using a separate state machine, largely independent of the messenger's state. If a connection is lost mid-payload or the sparse-read state machine returns an error, the sparse-read state is not reset. The OSD client will then interpret the beginning of a new reply as the continuation of the old one. If this makes the sparse-read machinery enter a failure state, it may never recover, producing loops like: libceph: [0] got 0 extents libceph: data len 142248331 != extent len 0 libceph: osd0 (1)...:6801 socket error on read libceph: data len 142248331 != extent len 0 libceph: osd0 (1)...:6801 socket error on read Therefore, reset the sparse-read state in osd_fault(), ensuring retries start from a clean state.
Product status
f628d799972799023d32c2542bb2639eb8c4f84e (git) before 90a60fe61908afa0eaf7f8fcf1421b9b50e5f7ff
f628d799972799023d32c2542bb2639eb8c4f84e (git) before e94075e950a6598e710b9f7dffea5aa388f40313
f628d799972799023d32c2542bb2639eb8c4f84e (git) before 10b7c72810364226f7b27916ea3e2a4f870bc04b
f628d799972799023d32c2542bb2639eb8c4f84e (git) before 11194b416ef95012c2cfe5f546d71af07b639e93
6.6
Any version before 6.6
6.6.121 (semver)
6.12.66 (semver)
6.18.6 (semver)
6.19 (original_commit_for_fix)
References
git.kernel.org/...c/90a60fe61908afa0eaf7f8fcf1421b9b50e5f7ff
git.kernel.org/...c/e94075e950a6598e710b9f7dffea5aa388f40313
git.kernel.org/...c/10b7c72810364226f7b27916ea3e2a4f870bc04b
git.kernel.org/...c/11194b416ef95012c2cfe5f546d71af07b639e93