[PATCH 1/2] ntfs: free link name from ntfs_name_cache
From: DaeMyung Kang
Date: Sun May 24 2026 - 01:43:55 EST

ntfs_link() converts the new link name with ntfs_nlstoucs() using
NTFS_MAX_NAME_LEN. In this case ntfs_nlstoucs() allocates the result
from ntfs_name_cache, and its contract requires callers to release the
buffer with kmem_cache_free(ntfs_name_cache, ...).

All other ntfs_nlstoucs() callers in namei.c do that, but ntfs_link()
uses kfree(), which mismatches the allocator for successfully converted
names.

The conversion failure path reaches the common out label with uname ==
NULL. That was harmless for kfree(), but kmem_cache_free() does not
provide the same NULL contract. Return directly on conversion failure
and free successful conversions with ntfs_name_cache.

Fixes: af0db57d4293 ("ntfs: update inode operations")
Signed-off-by: DaeMyung Kang <charsyam@xxxxxxxxx>
---
fs/ntfs/namei.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/fs/ntfs/namei.c b/fs/ntfs/namei.c
index c4f82846c58c..9c1c36acfad2 100644
--- a/fs/ntfs/namei.c
+++ b/fs/ntfs/namei.c
@@ -1532,8 +1532,7 @@ static int ntfs_link(struct dentry *old_dentry, struct inode *dir,
if (uname_len < 0) {
if (uname_len != -ENAMETOOLONG)
ntfs_error(sb, "Failed to convert name to unicode.");
- err = -ENOMEM;
- goto out;
+ return -ENOMEM;
}
if (!(vol->vol_flags & VOLUME_IS_DIRTY))
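Review bot: The new `return -ENOMEM;` in the `uname_len < 0` branch still reports -ENOMEM when the conversion failed with -ENAMETOOLONG, even though the check directly above it treats that case separately for logging. Since this line is being rewritten anyway, consider propagating the real cause (for example `return uname_len;`, assuming ntfs_nlstoucs() returns a negative errno as the comparison suggests), or state in the commit message that the errno is intentionally left unchanged by this fix. The direct return itself is consistent with the second hunk, where the only cleanup shown after `out:` is the free of uname.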
@@ -1563,7 +1562,7 @@ static int ntfs_link(struct dentry *old_dentry, struct inode *dir,
mutex_unlock(&ni->mrec_lock);
out:
- kfree(uname);
+ kmem_cache_free(ntfs_name_cache, uname);
return err;
}
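Review bot: At the `out:` label, `kmem_cache_free(ntfs_name_cache, uname);` now depends on uname being non-NULL on every path that reaches it, which the commit message itself notes kfree() tolerated and kmem_cache_free() does not. Please confirm that no `goto out` remains ahead of the ntfs_nlstoucs() call (the diff only shows the one that was converted to a return), and consider a one-line comment above the free stating that uname is always a successful ntfs_name_cache allocation at this point, so that an error path added later before the conversion does not reintroduce a NULL free.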
--
2.43.0