Re: [PATCH] fs/ceph/mds_client: fix memory leaks in ceph_mdsc_build_path()
From: Viacheslav Dubeyko
Date: Tue Feb 24 2026 - 14:50:10 EST
On Tue, 2026-02-24 at 14:26 +0100, Max Kellermann wrote:
> Add __putname() calls to error code paths that did not free the "path"
> pointer obtained by __getname(). If ownership of this pointer is not
> passed to the caller via path_info.path, the function must free it
> before returning.
>
> Fixes: 3fd945a79e14 ("ceph: encode encrypted name in ceph_mdsc_build_path and dentry release")
> Fixes: 550f7ca98ee0 ("ceph: give up on paths longer than PATH_MAX")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Max Kellermann <max.kellermann@xxxxxxxxx>
> ---
> fs/ceph/mds_client.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c
> index 23b6d00643c9..b1746273f186 100644
> --- a/fs/ceph/mds_client.c
> +++ b/fs/ceph/mds_client.c
> @@ -2768,6 +2768,7 @@ char *ceph_mdsc_build_path(struct ceph_mds_client *mdsc, struct dentry *dentry,
> if (ret < 0) {
> dput(parent);
> dput(cur);
> + __putname(path);
> return ERR_PTR(ret);
> }
>
> @@ -2777,6 +2778,7 @@ char *ceph_mdsc_build_path(struct ceph_mds_client *mdsc, struct dentry *dentry,
> if (len < 0) {
> dput(parent);
> dput(cur);
> + __putname(path);
> return ERR_PTR(len);
> }
> }
> @@ -2813,6 +2815,7 @@ char *ceph_mdsc_build_path(struct ceph_mds_client *mdsc, struct dentry *dentry,
> * cannot ever succeed. Creating paths that long is
> * possible with Ceph, but Linux cannot use them.
> */
> + __putname(path);
> return ERR_PTR(-ENAMETOOLONG);
> }
Makes sense. I think it could look better to have one place of processing error
case and calling __putname():
char *ceph_mdsc_build_path(struct ceph_mds_client *mdsc, struct dentry *dentry,
struct ceph_path_info *path_info, int for_wire)
{
<main execution flow>
return path + pos;
fail_build_path:
__putname(path);
return ERR_PTR(<error code>);
}
Reviewed-by: Viacheslav Dubeyko <Slava.Dubeyko@xxxxxxx>
Thanks,
Slava.