fs/ceph/mds_client.c | 3 +++ 1 file changed, 3 insertions(+)
Add __putname() calls to error code paths that did not free the "path"
pointer obtained by __getname(). If ownership of this pointer is not
passed to the caller via path_info.path, the function must free it
before returning.
Fixes: 3fd945a79e14 ("ceph: encode encrypted name in ceph_mdsc_build_path and dentry release")
Fixes: 550f7ca98ee0 ("ceph: give up on paths longer than PATH_MAX")
Cc: stable@vger.kernel.org
Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
---
fs/ceph/mds_client.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c
index 23b6d00643c9..b1746273f186 100644
--- a/fs/ceph/mds_client.c
+++ b/fs/ceph/mds_client.c
@@ -2768,6 +2768,7 @@ char *ceph_mdsc_build_path(struct ceph_mds_client *mdsc, struct dentry *dentry,
if (ret < 0) {
dput(parent);
dput(cur);
+ __putname(path);
return ERR_PTR(ret);
}
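Review bot: The ownership rule that makes the added `__putname(path)` calls necessary is stated only in the commit message, so a later error exit added to ceph_mdsc_build_path() can leak the buffer again. This applies to the added line here and to the matching ones in the `len < 0` and `-ENAMETOOLONG` hunks. I would record the rule in the comment above the function, which lies outside these hunks, for example `On failure the __getname() buffer is freed here and an ERR_PTR is returned; on success the caller owns it through path_info.path.` The comment in the third hunk says over-long paths can be created with Ceph, so that exit looks reachable from ordinary filesystem content, and a repeated leak there would presumably add up to kernel memory pressure.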
@@ -2777,6 +2778,7 @@ char *ceph_mdsc_build_path(struct ceph_mds_client *mdsc, struct dentry *dentry,
if (len < 0) {
dput(parent);
dput(cur);
+ __putname(path);
return ERR_PTR(len);
}
}
@@ -2813,6 +2815,7 @@ char *ceph_mdsc_build_path(struct ceph_mds_client *mdsc, struct dentry *dentry,
* cannot ever succeed. Creating paths that long is
* possible with Ceph, but Linux cannot use them.
*/
+ __putname(path);
return ERR_PTR(-ENAMETOOLONG);
}
--
2.47.3
On Tue, 2026-02-24 at 14:26 +0100, Max Kellermann wrote:
> Add __putname() calls to error code paths that did not free the "path"
> pointer obtained by __getname(). If ownership of this pointer is not
> passed to the caller via path_info.path, the function must free it
> before returning.
>
> Fixes: 3fd945a79e14 ("ceph: encode encrypted name in ceph_mdsc_build_path and dentry release")
> Fixes: 550f7ca98ee0 ("ceph: give up on paths longer than PATH_MAX")
> Cc: stable@vger.kernel.org
> Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
> ---
> fs/ceph/mds_client.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c
> index 23b6d00643c9..b1746273f186 100644
> --- a/fs/ceph/mds_client.c
> +++ b/fs/ceph/mds_client.c
> @@ -2768,6 +2768,7 @@ char *ceph_mdsc_build_path(struct ceph_mds_client *mdsc, struct dentry *dentry,
> if (ret < 0) {
> dput(parent);
> dput(cur);
> + __putname(path);
> return ERR_PTR(ret);
> }
>
> @@ -2777,6 +2778,7 @@ char *ceph_mdsc_build_path(struct ceph_mds_client *mdsc, struct dentry *dentry,
> if (len < 0) {
> dput(parent);
> dput(cur);
> + __putname(path);
> return ERR_PTR(len);
> }
> }
> @@ -2813,6 +2815,7 @@ char *ceph_mdsc_build_path(struct ceph_mds_client *mdsc, struct dentry *dentry,
> * cannot ever succeed. Creating paths that long is
> * possible with Ceph, but Linux cannot use them.
> */
> + __putname(path);
> return ERR_PTR(-ENAMETOOLONG);
> }
Makes sense. I think it would look better to handle the error case and call
__putname() in one place:
char *ceph_mdsc_build_path(struct ceph_mds_client *mdsc, struct dentry *dentry,
struct ceph_path_info *path_info, int for_wire)
{
<main execution flow>
return path + pos;
fail_build_path:
__putname(path);
return ERR_PTR(<error code>);
}
Reviewed-by: Viacheslav Dubeyko <Slava.Dubeyko@ibm.com>
Thanks,
Slava.