diff options
| author | Max Kellermann <max.kellermann@ionos.com> | 2024-11-18 23:28:28 +0100 |
|---|---|---|
| committer | Ilya Dryomov <idryomov@gmail.com> | 2024-12-16 23:25:43 +0100 |
| commit | 550f7ca98ee028a606aa75705a7e77b1bd11720f (patch) | |
| tree | 799a9f9ea0e58110a85832644cf81a6ec023bdba /fs/ceph | |
| parent | d6fd6f8280f0257ba93f16900a0d3d3912f32c79 (diff) | |
| download | linux-550f7ca98ee028a606aa75705a7e77b1bd11720f.tar.gz linux-550f7ca98ee028a606aa75705a7e77b1bd11720f.tar.bz2 linux-550f7ca98ee028a606aa75705a7e77b1bd11720f.zip | |
ceph: give up on paths longer than PATH_MAX
If the full path to be built by ceph_mdsc_build_path() happens to be
longer than PATH_MAX, then this function will enter an endless (retry)
loop, effectively blocking the whole task. Most of the machine
becomes unusable, making this a very simple and effective DoS
vulnerability.
I cannot imagine why this retry was ever implemented, but it seems
rather useless and harmful to me. Let's remove it and fail with
ENAMETOOLONG instead.
Cc: stable@vger.kernel.org
Reported-by: Dario Weißer <dario@cure53.de>
Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
Reviewed-by: Alex Markuze <amarkuze@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Diffstat (limited to 'fs/ceph')
| -rw-r--r-- | fs/ceph/mds_client.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c index 219a2cc2bf3c..785fe489ef4b 100644 --- a/fs/ceph/mds_client.c +++ b/fs/ceph/mds_client.c @@ -2800,12 +2800,11 @@ retry: if (pos < 0) { /* - * A rename didn't occur, but somehow we didn't end up where - * we thought we would. Throw a warning and try again. + * The path is longer than PATH_MAX and this function + * cannot ever succeed. Creating paths that long is + * possible with Ceph, but Linux cannot use them. */ - pr_warn_client(cl, "did not end path lookup where expected (pos = %d)\n", - pos); - goto retry; + return ERR_PTR(-ENAMETOOLONG); } *pbase = base; |