Patch "ceph: fix memory leak in ceph_readdir when note_last_dentry returns error" has been added to the 5.16-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Sat, 9 Apr 2022 22:22:37 -0400

This is a note to let you know that I've just added the patch titled

    ceph: fix memory leak in ceph_readdir when note_last_dentry returns error

to the 5.16-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     ceph-fix-memory-leak-in-ceph_readdir-when-note_last_.patch
and it can be found in the queue-5.16 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 1133bac425a3877b5860d4edfcd0109587396a54
Author: Xiubo Li <xiubli@xxxxxxxxxx>
Date:   Sat Mar 5 19:52:59 2022 +0800

    ceph: fix memory leak in ceph_readdir when note_last_dentry returns error
    
    [ Upstream commit f639d9867eea647005dc824e0e24f39ffc50d4e4 ]
    
    Reset the last_readdir at the same time, and add a comment explaining
    why we don't free last_readdir when dir_emit returns false.
    
    Signed-off-by: Xiubo Li <xiubli@xxxxxxxxxx>
    Reviewed-by: Jeff Layton <jlayton@xxxxxxxxxx>
    Signed-off-by: Ilya Dryomov <idryomov@xxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c
index 133dbd9338e7..d91fa53e12b3 100644
--- a/fs/ceph/dir.c
+++ b/fs/ceph/dir.c
@@ -478,8 +478,11 @@ static int ceph_readdir(struct file *file, struct dir_context *ctx)
 					2 : (fpos_off(rde->offset) + 1);
 			err = note_last_dentry(dfi, rde->name, rde->name_len,
 					       next_offset);
-			if (err)
+			if (err) {
+				ceph_mdsc_put_request(dfi->last_readdir);
+				dfi->last_readdir = NULL;
 				return err;
+			}
 		} else if (req->r_reply_info.dir_end) {
 			dfi->next_offset = 2;
 			/* keep last name */
@@ -520,6 +523,12 @@ static int ceph_readdir(struct file *file, struct dir_context *ctx)
 		if (!dir_emit(ctx, rde->name, rde->name_len,
 			      ceph_present_ino(inode->i_sb, le64_to_cpu(rde->inode.in->ino)),
 			      le32_to_cpu(rde->inode.in->mode) >> 12)) {
+			/*
+			 * NOTE: Here no need to put the 'dfi->last_readdir',
+			 * because when dir_emit stops us it's most likely
+			 * doesn't have enough memory, etc. So for next readdir
+			 * it will continue.
+			 */
 			dout("filldir stopping us...\n");
 			return 0;
 		}






