aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2024-10-04 10:10:23 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2024-10-04 10:10:23 -0700
commita3a37691e662b76d9c8a4d74cd856b5a4ae8286e (patch)
treed788a3befb8beff56c0c1a84d82df3e33fa7c3c2
parent79eb2c07afbe4d165734ea61a258dd8410ec6624 (diff)
parentccda9910d8490f4fb067131598e4b2e986faa5a0 (diff)
Merge tag 'ceph-for-6.12-rc2' of https://github.com/ceph/ceph-client
Pull ceph fixes from Ilya Dryomov: "A fix from Patrick for a variety of CephFS lockup scenarios caused by a regression in cap handling which sneaked in through the netfs helper library in 5.18 (marked for stable) and an unrelated one-line cleanup" * tag 'ceph-for-6.12-rc2' of https://github.com/ceph/ceph-client: ceph: fix cap ref leak via netfs init_request ceph: use struct_size() helper in __ceph_pool_perm_get()
-rw-r--r--fs/ceph/addr.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c
index 53fef258c2bc..c2a9e2cc03de 100644
--- a/fs/ceph/addr.c
+++ b/fs/ceph/addr.c
@@ -489,8 +489,11 @@ static int ceph_init_request(struct netfs_io_request *rreq, struct file *file)
rreq->io_streams[0].sreq_max_len = fsc->mount_options->rsize;
out:
- if (ret < 0)
+ if (ret < 0) {
+ if (got)
+ ceph_put_cap_refs(ceph_inode(inode), got);
kfree(priv);
+ }
return ret;
}
@@ -2145,7 +2148,7 @@ static int __ceph_pool_perm_get(struct ceph_inode_info *ci,
}
pool_ns_len = pool_ns ? pool_ns->len : 0;
- perm = kmalloc(sizeof(*perm) + pool_ns_len + 1, GFP_NOFS);
+ perm = kmalloc(struct_size(perm, pool_ns, pool_ns_len + 1), GFP_NOFS);
if (!perm) {
err = -ENOMEM;
goto out_unlock;