From a5e7ac77aba1fdbe5b28b5071626ad4260506ada Mon Sep 17 00:00:00 2001
From: Sage Weil <sage@newdream.net>
Date: Wed, 14 Oct 2009 17:26:40 -0700
Subject: [PATCH] --- yaml --- r: 188583 b: refs/heads/master c:
 07bd10fb9853a41a7f0bb271721cca97d15eccae h: refs/heads/master i:   188581:
 9fdfab9c0881d73adb424dd60c3658fe4d7905ab   188579:
 4b3381899a89a65f6f1cd53ef1b9dacabff581f3   188575:
 e952cf459f9e60ce44c48032abc80343ef130f59 v: v3

---
 [refs]                     |  2 +-
 trunk/fs/ceph/ceph_fs.h    |  5 +++++
 trunk/fs/ceph/mon_client.c | 11 +++++++----
 3 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/[refs] b/[refs]
index 24893190cdc4..f19f68399ba2 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: afcdaea3f2a78ce4873bd7e98a6d603bda23d167
+refs/heads/master: 07bd10fb9853a41a7f0bb271721cca97d15eccae
diff --git a/trunk/fs/ceph/ceph_fs.h b/trunk/fs/ceph/ceph_fs.h
index 56af192cb430..9b16e2e06ea6 100644
--- a/trunk/fs/ceph/ceph_fs.h
+++ b/trunk/fs/ceph/ceph_fs.h
@@ -162,6 +162,11 @@ struct ceph_mon_subscribe_item {
 	__u8 onetime;
 } __attribute__ ((packed));
 
+struct ceph_mon_subscribe_ack {
+	__le32 duration;         /* seconds */
+	struct ceph_fsid fsid;
+} __attribute__ ((packed));
+
 /*
  * mds states
  *   > 0 -> in
diff --git a/trunk/fs/ceph/mon_client.c b/trunk/fs/ceph/mon_client.c
index bea2be9077e4..d52e52968d01 100644
--- a/trunk/fs/ceph/mon_client.c
+++ b/trunk/fs/ceph/mon_client.c
@@ -199,10 +199,12 @@ static void handle_subscribe_ack(struct ceph_mon_client *monc,
 				 struct ceph_msg *msg)
 {
 	unsigned seconds;
-	void *p = msg->front.iov_base;
-	void *end = p + msg->front.iov_len;
+	struct ceph_mon_subscribe_ack *h = msg->front.iov_base;
+
+	if (msg->front.iov_len < sizeof(*h))
+		goto bad;
+	seconds = le32_to_cpu(h->duration);
 
-	ceph_decode_32_safe(&p, end, seconds, bad);
 	mutex_lock(&monc->mutex);
 	if (monc->hunting) {
 		pr_info("mon%d %s session established\n",
@@ -541,7 +543,8 @@ int ceph_monc_init(struct ceph_mon_client *monc, struct ceph_client *cl)
 	err = ceph_msgpool_init(&monc->msgpool_mount_ack, 4096, 1, false);
 	if (err < 0)
 		goto out;
-	err = ceph_msgpool_init(&monc->msgpool_subscribe_ack, 8, 1, false);
+	err = ceph_msgpool_init(&monc->msgpool_subscribe_ack,
+			       sizeof(struct ceph_mon_subscribe_ack), 1, false);
 	if (err < 0)
 		goto out;
 	err = ceph_msgpool_init(&monc->msgpool_statfs_reply,