Pages are freed in `ceph_osdc_put_request`, trying to release them this way will end badly.
On Wed, Nov 27, 2024 at 11:20 PM Max Kellermann max.kellermann@ionos.com wrote:
In two `break` statements, the call to ceph_release_page_vector() was missing, leaking the allocation from ceph_alloc_page_vector().
Cc: stable@vger.kernel.org Signed-off-by: Max Kellermann max.kellermann@ionos.com
fs/ceph/file.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/fs/ceph/file.c b/fs/ceph/file.c index 4b8d59ebda00..24d0f1cc9aac 100644 --- a/fs/ceph/file.c +++ b/fs/ceph/file.c @@ -1134,6 +1134,7 @@ ssize_t __ceph_sync_read(struct inode *inode, loff_t *ki_pos, extent_cnt = __ceph_sparse_read_ext_count(inode, read_len); ret = ceph_alloc_sparse_ext_map(op, extent_cnt); if (ret) {
ceph_release_page_vector(pages, num_pages); ceph_osdc_put_request(req); break; }@@ -1168,6 +1169,7 @@ ssize_t __ceph_sync_read(struct inode *inode, loff_t *ki_pos, op->extent.sparse_ext_cnt); if (fret < 0) { ret = fret;
ceph_release_page_vector(pages, num_pages); ceph_osdc_put_request(req); break; }-- 2.45.2