e4b168c64d
commit 550f7ca98ee028a606aa75705a7e77b1bd11720f upstream. If the full path to be built by ceph_mdsc_build_path() happens to be longer than PATH_MAX, then this function will enter an endless (retry) loop, effectively blocking the whole task. Most of the machine becomes unusable, making this a very simple and effective DoS vulnerability. I cannot imagine why this retry was ever implemented, but it seems rather useless and harmful to me. Let's remove it and fail with ENAMETOOLONG instead. Cc: stable@vger.kernel.org Reported-by: Dario Weißer <dario@cure53.de> Signed-off-by: Max Kellermann <max.kellermann@ionos.com> Reviewed-by: Alex Markuze <amarkuze@redhat.com> Signed-off-by: Ilya Dryomov <idryomov@gmail.com> [idryomov@gmail.com: backport to 6.1: pr_warn() is still in use] Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|---|---|---|
| .. | ||
| acl.c | ||
| addr.c | ||
| cache.c | ||
| cache.h | ||
| caps.c | ||
| ceph_frag.c | ||
| debugfs.c | ||
| dir.c | ||
| export.c | ||
| file.c | ||
| inode.c | ||
| io.c | ||
| io.h | ||
| ioctl.c | ||
| ioctl.h | ||
| Kconfig | ||
| locks.c | ||
| Makefile | ||
| mds_client.c | ||
| mds_client.h | ||
| mdsmap.c | ||
| metric.c | ||
| metric.h | ||
| quota.c | ||
| snap.c | ||
| strings.c | ||
| super.c | ||
| super.h | ||
| util.c | ||
| xattr.c | ||