Pages are freed in `ceph_osdc_put_request`, trying to release them
this way will end badly.
On Wed, Nov 27, 2024 at 11:20 PM Max Kellermann
<max.kellermann@xxxxxxxxx> wrote:
>
> In two `break` statements, the call to ceph_release_page_vector() was
> missing, leaking the allocation from ceph_alloc_page_vector().
>
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Max Kellermann <max.kellermann@xxxxxxxxx>
> ---
> fs/ceph/file.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/fs/ceph/file.c b/fs/ceph/file.c
> index 4b8d59ebda00..24d0f1cc9aac 100644
> --- a/fs/ceph/file.c
> +++ b/fs/ceph/file.c
> @@ -1134,6 +1134,7 @@ ssize_t __ceph_sync_read(struct inode *inode, loff_t *ki_pos,
> extent_cnt = __ceph_sparse_read_ext_count(inode, read_len);
> ret = ceph_alloc_sparse_ext_map(op, extent_cnt);
> if (ret) {
> + ceph_release_page_vector(pages, num_pages);
> ceph_osdc_put_request(req);
> break;
> }
> @@ -1168,6 +1169,7 @@ ssize_t __ceph_sync_read(struct inode *inode, loff_t *ki_pos,
> op->extent.sparse_ext_cnt);
> if (fret < 0) {
> ret = fret;
> + ceph_release_page_vector(pages, num_pages);
> ceph_osdc_put_request(req);
> break;
> }
> --
> 2.45.2
>
