ceph: kstrdup() memory handling

Currently, there is no check for the kstrdup() for r_path2, r_path1 and snapdir_name as various locations as there is a possibility of failure during memory pressure. Therefore, returning ENOMEM where the checks have been missed. Signed-off-by: Sanidhya Kashyap <sanidhya.gatech@gmail.com> Signed-off-by: Yan, Zheng <zyan@redhat.com>
author: Sanidhya Kashyap <sanidhya.gatech@gmail.com> 2015-03-21 12:54:58 -0400
committer: Ilya Dryomov <idryomov@gmail.com> 2015-04-20 11:55:34 -0400
commit: a149bb9a281c5c2904cf6fcdf9ed386340032ce3 (patch)
tree: 644078c1ab0c063382210f3d0b43a239070b1364 /fs
parent: c1d00b2d9c4fc821e33c5cdfbdbc32677cb0e2e0 (diff)
3 files changed, 44 insertions, 13 deletions
diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c
index d486f2a5a88d..98c71e895e81 100644
--- a/fs/ceph/dir.c
+++ b/fs/ceph/dir.c
@@ -337,16 +337,23 @@ more:
                        ceph_mdsc_put_request(req);
                        return err;
                }
-                req->r_inode = inode;
-                ihold(inode);
-                req->r_dentry = dget(file->f_path.dentry);
                /* hints to request -> mds selection code */
                req->r_direct_mode = USE_AUTH_MDS;
                req->r_direct_hash = ceph_frag_value(frag);
                req->r_direct_is_hash = true;
-                req->r_path2 = kstrdup(fi->last_name, GFP_NOFS);
+                if (fi->last_name) {
+                        req->r_path2 = kstrdup(fi->last_name, GFP_NOFS);
+                        if (!req->r_path2) {
+                                ceph_mdsc_put_request(req);
+                                return -ENOMEM;
+                        }
+                }
                req->r_readdir_offset = fi->next_offset;
                req->r_args.readdir.frag = cpu_to_le32(frag);
+                req->r_inode = inode;
+                ihold(inode);
+                req->r_dentry = dget(file->f_path.dentry);
                err = ceph_mdsc_do_request(mdsc, NULL, req);
                if (err < 0) {
                        ceph_mdsc_put_request(req);
@@ -757,10 +764,15 @@ static int ceph_symlink(struct inode *dir, struct dentry *dentry,
                err = PTR_ERR(req);
                goto out;
        }
-        req->r_dentry = dget(dentry);
-        req->r_num_caps = 2;
        req->r_path2 = kstrdup(dest, GFP_NOFS);
+        if (!req->r_path2) {
+                err = -ENOMEM;
+                ceph_mdsc_put_request(req);
+                goto out;
+        }
        req->r_locked_dir = dir;
+        req->r_dentry = dget(dentry);
+        req->r_num_caps = 2;
        req->r_dentry_drop = CEPH_CAP_FILE_SHARED;
        req->r_dentry_unless = CEPH_CAP_FILE_EXCL;
        err = ceph_mdsc_do_request(mdsc, dir, req);
diff --git a/fs/ceph/super.c b/fs/ceph/super.c
index a63997b8bcff..9f035ccb6191 100644
--- a/fs/ceph/super.c
+++ b/fs/ceph/super.c
@@ -345,6 +345,11 @@ static int parse_mount_options(struct ceph_mount_options **pfsopt,
        fsopt->rsize = CEPH_RSIZE_DEFAULT;
        fsopt->rasize = CEPH_RASIZE_DEFAULT;
        fsopt->snapdir_name = kstrdup(CEPH_SNAPDIRNAME_DEFAULT, GFP_KERNEL);
+        if (!fsopt->snapdir_name) {
+                err = -ENOMEM;
+                goto out;
+        }
        fsopt->caps_wanted_delay_min = CEPH_CAPS_WANTED_DELAY_MIN_DEFAULT;
        fsopt->caps_wanted_delay_max = CEPH_CAPS_WANTED_DELAY_MAX_DEFAULT;
        fsopt->cap_release_safety = CEPH_CAP_RELEASE_SAFETY_DEFAULT;
@@ -730,6 +735,11 @@ static struct dentry *open_root_dentry(struct ceph_fs_client *fsc,
        if (IS_ERR(req))
                return ERR_CAST(req);
        req->r_path1 = kstrdup(path, GFP_NOFS);
+        if (!req->r_path1) {
+                root = ERR_PTR(-ENOMEM);
+                goto out;
+        }
        req->r_ino1.ino = CEPH_INO_ROOT;
        req->r_ino1.snap = CEPH_NOSNAP;
        req->r_started = started;
diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c
index 5a492caf34cb..5c4c9c256931 100644
--- a/fs/ceph/xattr.c
+++ b/fs/ceph/xattr.c
@@ -877,16 +877,23 @@ static int ceph_sync_setxattr(struct dentry *dentry, const char *name,
                err = PTR_ERR(req);
                goto out;
        }
-        req->r_inode = inode;
-        ihold(inode);
-        req->r_inode_drop = CEPH_CAP_XATTR_SHARED;
-        req->r_num_caps = 1;
        req->r_args.setxattr.flags = cpu_to_le32(flags);
        req->r_path2 = kstrdup(name, GFP_NOFS);
+        if (!req->r_path2) {
+                ceph_mdsc_put_request(req);
+                err = -ENOMEM;
+                goto out;
+        }
        req->r_pagelist = pagelist;
        pagelist = NULL;
+        req->r_inode = inode;
+        ihold(inode);
+        req->r_num_caps = 1;
+        req->r_inode_drop = CEPH_CAP_XATTR_SHARED;
        dout("xattr.ver (before): %lld\n", ci->i_xattrs.version);
        err = ceph_mdsc_do_request(mdsc, NULL, req);
        ceph_mdsc_put_request(req);
@@ -1019,12 +1026,14 @@ static int ceph_send_removexattr(struct dentry *dentry, const char *name)
                                       USE_AUTH_MDS);
        if (IS_ERR(req))
                return PTR_ERR(req);
+        req->r_path2 = kstrdup(name, GFP_NOFS);
+        if (!req->r_path2)
+                return -ENOMEM;
        req->r_inode = inode;
        ihold(inode);
-        req->r_inode_drop = CEPH_CAP_XATTR_SHARED;
        req->r_num_caps = 1;
-        req->r_path2 = kstrdup(name, GFP_NOFS);
+        req->r_inode_drop = CEPH_CAP_XATTR_SHARED;
        err = ceph_mdsc_do_request(mdsc, NULL, req);
        ceph_mdsc_put_request(req);
        return err;
author	Sanidhya Kashyap <sanidhya.gatech@gmail.com>	2015-03-21 12:54:58 -0400
committer	Ilya Dryomov <idryomov@gmail.com>	2015-04-20 11:55:34 -0400
commit	a149bb9a281c5c2904cf6fcdf9ed386340032ce3 (patch)
tree	644078c1ab0c063382210f3d0b43a239070b1364 /fs
parent	c1d00b2d9c4fc821e33c5cdfbdbc32677cb0e2e0 (diff)

diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c index d486f2a5a88d..98c71e895e81 100644 --- a/fs/ceph/dir.c +++ b/fs/ceph/dir.c
@@ -337,16 +337,23 @@ more:
337	ceph_mdsc_put_request(req);	337	ceph_mdsc_put_request(req);
338	return err;	338	return err;
339	}	339	}
340	req->r_inode = inode;
341	ihold(inode);
342	req->r_dentry = dget(file->f_path.dentry);
343	/* hints to request -> mds selection code */	340	/* hints to request -> mds selection code */
344	req->r_direct_mode = USE_AUTH_MDS;	341	req->r_direct_mode = USE_AUTH_MDS;
345	req->r_direct_hash = ceph_frag_value(frag);	342	req->r_direct_hash = ceph_frag_value(frag);
346	req->r_direct_is_hash = true;	343	req->r_direct_is_hash = true;
347	req->r_path2 = kstrdup(fi->last_name, GFP_NOFS);	344	if (fi->last_name) {
		345	req->r_path2 = kstrdup(fi->last_name, GFP_NOFS);
		346	if (!req->r_path2) {
		347	ceph_mdsc_put_request(req);
		348	return -ENOMEM;
		349	}
		350	}
348	req->r_readdir_offset = fi->next_offset;	351	req->r_readdir_offset = fi->next_offset;
349	req->r_args.readdir.frag = cpu_to_le32(frag);	352	req->r_args.readdir.frag = cpu_to_le32(frag);
		353
		354	req->r_inode = inode;
		355	ihold(inode);
		356	req->r_dentry = dget(file->f_path.dentry);
350	err = ceph_mdsc_do_request(mdsc, NULL, req);	357	err = ceph_mdsc_do_request(mdsc, NULL, req);
351	if (err < 0) {	358	if (err < 0) {
352	ceph_mdsc_put_request(req);	359	ceph_mdsc_put_request(req);
@@ -757,10 +764,15 @@ static int ceph_symlink(struct inode dir, struct dentry dentry,
757	err = PTR_ERR(req);	764	err = PTR_ERR(req);
758	goto out;	765	goto out;
759	}	766	}
760	req->r_dentry = dget(dentry);
761	req->r_num_caps = 2;
762	req->r_path2 = kstrdup(dest, GFP_NOFS);	767	req->r_path2 = kstrdup(dest, GFP_NOFS);
		768	if (!req->r_path2) {
		769	err = -ENOMEM;
		770	ceph_mdsc_put_request(req);
		771	goto out;
		772	}
763	req->r_locked_dir = dir;	773	req->r_locked_dir = dir;
		774	req->r_dentry = dget(dentry);
		775	req->r_num_caps = 2;
764	req->r_dentry_drop = CEPH_CAP_FILE_SHARED;	776	req->r_dentry_drop = CEPH_CAP_FILE_SHARED;
765	req->r_dentry_unless = CEPH_CAP_FILE_EXCL;	777	req->r_dentry_unless = CEPH_CAP_FILE_EXCL;
766	err = ceph_mdsc_do_request(mdsc, dir, req);	778	err = ceph_mdsc_do_request(mdsc, dir, req);


diff --git a/fs/ceph/super.c b/fs/ceph/super.c index a63997b8bcff..9f035ccb6191 100644 --- a/fs/ceph/super.c +++ b/fs/ceph/super.c
@@ -345,6 +345,11 @@ static int parse_mount_options(struct ceph_mount_options **pfsopt,
345	fsopt->rsize = CEPH_RSIZE_DEFAULT;	345	fsopt->rsize = CEPH_RSIZE_DEFAULT;
346	fsopt->rasize = CEPH_RASIZE_DEFAULT;	346	fsopt->rasize = CEPH_RASIZE_DEFAULT;
347	fsopt->snapdir_name = kstrdup(CEPH_SNAPDIRNAME_DEFAULT, GFP_KERNEL);	347	fsopt->snapdir_name = kstrdup(CEPH_SNAPDIRNAME_DEFAULT, GFP_KERNEL);
		348	if (!fsopt->snapdir_name) {
		349	err = -ENOMEM;
		350	goto out;
		351	}
		352
348	fsopt->caps_wanted_delay_min = CEPH_CAPS_WANTED_DELAY_MIN_DEFAULT;	353	fsopt->caps_wanted_delay_min = CEPH_CAPS_WANTED_DELAY_MIN_DEFAULT;
349	fsopt->caps_wanted_delay_max = CEPH_CAPS_WANTED_DELAY_MAX_DEFAULT;	354	fsopt->caps_wanted_delay_max = CEPH_CAPS_WANTED_DELAY_MAX_DEFAULT;
350	fsopt->cap_release_safety = CEPH_CAP_RELEASE_SAFETY_DEFAULT;	355	fsopt->cap_release_safety = CEPH_CAP_RELEASE_SAFETY_DEFAULT;
@@ -730,6 +735,11 @@ static struct dentry open_root_dentry(struct ceph_fs_client fsc,
730	if (IS_ERR(req))	735	if (IS_ERR(req))
731	return ERR_CAST(req);	736	return ERR_CAST(req);
732	req->r_path1 = kstrdup(path, GFP_NOFS);	737	req->r_path1 = kstrdup(path, GFP_NOFS);
		738	if (!req->r_path1) {
		739	root = ERR_PTR(-ENOMEM);
		740	goto out;
		741	}
		742
733	req->r_ino1.ino = CEPH_INO_ROOT;	743	req->r_ino1.ino = CEPH_INO_ROOT;
734	req->r_ino1.snap = CEPH_NOSNAP;	744	req->r_ino1.snap = CEPH_NOSNAP;
735	req->r_started = started;	745	req->r_started = started;


diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c index 5a492caf34cb..5c4c9c256931 100644 --- a/fs/ceph/xattr.c +++ b/fs/ceph/xattr.c
@@ -877,16 +877,23 @@ static int ceph_sync_setxattr(struct dentry dentry, const char name,
877	err = PTR_ERR(req);	877	err = PTR_ERR(req);
878	goto out;	878	goto out;
879	}	879	}
880	req->r_inode = inode;	880
881	ihold(inode);
882	req->r_inode_drop = CEPH_CAP_XATTR_SHARED;
883	req->r_num_caps = 1;
884	req->r_args.setxattr.flags = cpu_to_le32(flags);	881	req->r_args.setxattr.flags = cpu_to_le32(flags);
885	req->r_path2 = kstrdup(name, GFP_NOFS);	882	req->r_path2 = kstrdup(name, GFP_NOFS);
		883	if (!req->r_path2) {
		884	ceph_mdsc_put_request(req);
		885	err = -ENOMEM;
		886	goto out;
		887	}
886		888
887	req->r_pagelist = pagelist;	889	req->r_pagelist = pagelist;
888	pagelist = NULL;	890	pagelist = NULL;
889		891
		892	req->r_inode = inode;
		893	ihold(inode);
		894	req->r_num_caps = 1;
		895	req->r_inode_drop = CEPH_CAP_XATTR_SHARED;
		896
890	dout("xattr.ver (before): %lld\n", ci->i_xattrs.version);	897	dout("xattr.ver (before): %lld\n", ci->i_xattrs.version);
891	err = ceph_mdsc_do_request(mdsc, NULL, req);	898	err = ceph_mdsc_do_request(mdsc, NULL, req);
892	ceph_mdsc_put_request(req);	899	ceph_mdsc_put_request(req);
@@ -1019,12 +1026,14 @@ static int ceph_send_removexattr(struct dentry dentry, const char name)
1019	USE_AUTH_MDS);	1026	USE_AUTH_MDS);
1020	if (IS_ERR(req))	1027	if (IS_ERR(req))
1021	return PTR_ERR(req);	1028	return PTR_ERR(req);
		1029	req->r_path2 = kstrdup(name, GFP_NOFS);
		1030	if (!req->r_path2)
		1031	return -ENOMEM;
		1032
1022	req->r_inode = inode;	1033	req->r_inode = inode;
1023	ihold(inode);	1034	ihold(inode);
1024	req->r_inode_drop = CEPH_CAP_XATTR_SHARED;
1025	req->r_num_caps = 1;	1035	req->r_num_caps = 1;
1026	req->r_path2 = kstrdup(name, GFP_NOFS);	1036	req->r_inode_drop = CEPH_CAP_XATTR_SHARED;
1027
1028	err = ceph_mdsc_do_request(mdsc, NULL, req);	1037	err = ceph_mdsc_do_request(mdsc, NULL, req);
1029	ceph_mdsc_put_request(req);	1038	ceph_mdsc_put_request(req);
1030	return err;	1039	return err;