Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a149bb9a authored by Sanidhya Kashyap's avatar Sanidhya Kashyap Committed by Ilya Dryomov
Browse files

ceph: kstrdup() memory handling 



Currently, there is no check for the kstrdup() for r_path2,
r_path1 and snapdir_name as various locations as there is a
possibility of failure during memory pressure. Therefore,
returning ENOMEM where the checks have been missed.

Signed-off-by: default avatarSanidhya Kashyap <sanidhya.gatech@gmail.com>
Signed-off-by: default avatarYan, Zheng <zyan@redhat.com>
parent c1d00b2d

fs/ceph/dir.c

+18 −6
Original line number Diff line number Diff line
@@ -337,16 +337,23 @@ static int ceph_readdir(struct file *file, struct dir_context *ctx) 
			ceph_mdsc_put_request(req);

			return err;

		}

		req->r_inode = inode;

		ihold(inode);

		req->r_dentry = dget(file->f_path.dentry);

		/* hints to request -> mds selection code */

		req->r_direct_mode = USE_AUTH_MDS;

		req->r_direct_hash = ceph_frag_value(frag);

		req->r_direct_is_hash = true;

		if (fi->last_name) {

			req->r_path2 = kstrdup(fi->last_name, GFP_NOFS);

			if (!req->r_path2) {

				ceph_mdsc_put_request(req);

				return -ENOMEM;

			}

		}

		req->r_readdir_offset = fi->next_offset;

		req->r_args.readdir.frag = cpu_to_le32(frag);



		req->r_inode = inode;

		ihold(inode);

		req->r_dentry = dget(file->f_path.dentry);

		err = ceph_mdsc_do_request(mdsc, NULL, req);

		if (err < 0) {

			ceph_mdsc_put_request(req);
@@ -757,10 +764,15 @@ static int ceph_symlink(struct inode *dir, struct dentry *dentry, 
		err = PTR_ERR(req);

		goto out;

	}

	req->r_dentry = dget(dentry);

	req->r_num_caps = 2;

	req->r_path2 = kstrdup(dest, GFP_NOFS);

	if (!req->r_path2) {

		err = -ENOMEM;

		ceph_mdsc_put_request(req);

		goto out;

	}

	req->r_locked_dir = dir;

	req->r_dentry = dget(dentry);

	req->r_num_caps = 2;

	req->r_dentry_drop = CEPH_CAP_FILE_SHARED;

	req->r_dentry_unless = CEPH_CAP_FILE_EXCL;

	err = ceph_mdsc_do_request(mdsc, dir, req);

fs/ceph/super.c

+10 −0
Original line number Diff line number Diff line
@@ -345,6 +345,11 @@ static int parse_mount_options(struct ceph_mount_options **pfsopt, 
	fsopt->rsize = CEPH_RSIZE_DEFAULT;

	fsopt->rasize = CEPH_RASIZE_DEFAULT;

	fsopt->snapdir_name = kstrdup(CEPH_SNAPDIRNAME_DEFAULT, GFP_KERNEL);

	if (!fsopt->snapdir_name) {

		err = -ENOMEM;

		goto out;

	}



	fsopt->caps_wanted_delay_min = CEPH_CAPS_WANTED_DELAY_MIN_DEFAULT;

	fsopt->caps_wanted_delay_max = CEPH_CAPS_WANTED_DELAY_MAX_DEFAULT;

	fsopt->cap_release_safety = CEPH_CAP_RELEASE_SAFETY_DEFAULT;
@@ -730,6 +735,11 @@ static struct dentry *open_root_dentry(struct ceph_fs_client *fsc, 
	if (IS_ERR(req))

		return ERR_CAST(req);

	req->r_path1 = kstrdup(path, GFP_NOFS);

	if (!req->r_path1) {

		root = ERR_PTR(-ENOMEM);

		goto out;

	}



	req->r_ino1.ino = CEPH_INO_ROOT;

	req->r_ino1.snap = CEPH_NOSNAP;

	req->r_started = started;

fs/ceph/xattr.c

+16 −7
Original line number Diff line number Diff line
@@ -877,16 +877,23 @@ static int ceph_sync_setxattr(struct dentry *dentry, const char *name, 
		err = PTR_ERR(req);

		goto out;

	}

	req->r_inode = inode;

	ihold(inode);

	req->r_inode_drop = CEPH_CAP_XATTR_SHARED;

	req->r_num_caps = 1;



	req->r_args.setxattr.flags = cpu_to_le32(flags);

	req->r_path2 = kstrdup(name, GFP_NOFS);

	if (!req->r_path2) {

		ceph_mdsc_put_request(req);

		err = -ENOMEM;

		goto out;

	}



	req->r_pagelist = pagelist;

	pagelist = NULL;



	req->r_inode = inode;

	ihold(inode);

	req->r_num_caps = 1;

	req->r_inode_drop = CEPH_CAP_XATTR_SHARED;



	dout("xattr.ver (before): %lld\n", ci->i_xattrs.version);

	err = ceph_mdsc_do_request(mdsc, NULL, req);

	ceph_mdsc_put_request(req);
@@ -1019,12 +1026,14 @@ static int ceph_send_removexattr(struct dentry *dentry, const char *name) 
				       USE_AUTH_MDS);

	if (IS_ERR(req))

		return PTR_ERR(req);

	req->r_path2 = kstrdup(name, GFP_NOFS);

	if (!req->r_path2)

		return -ENOMEM;



	req->r_inode = inode;

	ihold(inode);

	req->r_inode_drop = CEPH_CAP_XATTR_SHARED;

	req->r_num_caps = 1;

	req->r_path2 = kstrdup(name, GFP_NOFS);



	req->r_inode_drop = CEPH_CAP_XATTR_SHARED;

	err = ceph_mdsc_do_request(mdsc, NULL, req);

	ceph_mdsc_put_request(req);

	return err;