ceph: fix error paths for corrupt osdmap messages

Both osdmap_decode() and osdmap_apply_incremental() should never return
NULL.

Signed-off-by: Sage Weil <sage@newdream.net>
diff --git a/fs/ceph/osdmap.c b/fs/ceph/osdmap.c
index 8c8ffe5..a941630 100644
--- a/fs/ceph/osdmap.c
+++ b/fs/ceph/osdmap.c
@@ -200,6 +200,7 @@
 			size = sizeof(struct crush_bucket_straw);
 			break;
 		default:
+			err = -EINVAL;
 			goto bad;
 		}
 		BUG_ON(size == 0);
@@ -278,6 +279,7 @@
 		/* len */
 		ceph_decode_32_safe(p, end, yes, bad);
 #if BITS_PER_LONG == 32
+		err = -EINVAL;
 		if (yes > ULONG_MAX / sizeof(struct crush_rule_step))
 			goto bad;
 #endif
@@ -489,11 +491,10 @@
 		ceph_decode_copy(p, &pgid, sizeof(pgid));
 		n = ceph_decode_32(p);
 		ceph_decode_need(p, end, n * sizeof(u32), bad);
+		err = -ENOMEM;
 		pg = kmalloc(sizeof(*pg) + n*sizeof(u32), GFP_NOFS);
-		if (!pg) {
-			err = -ENOMEM;
+		if (!pg)
 			goto bad;
-		}
 		pg->pgid = pgid;
 		pg->len = n;
 		for (j = 0; j < n; j++)
@@ -564,8 +565,7 @@
 	if (len > 0) {
 		dout("apply_incremental full map len %d, %p to %p\n",
 		     len, *p, end);
-		newmap = osdmap_decode(p, min(*p+len, end));
-		return newmap;  /* error or not */
+		return osdmap_decode(p, min(*p+len, end));
 	}
 
 	/* new crush? */
@@ -809,6 +809,7 @@
 	struct ceph_pg_pool_info *pool;
 	unsigned ps;
 
+	BUG_ON(!osdmap);
 	if (poolid >= osdmap->num_pools)
 		return -EIO;