Commit d42ad3f1 authored Nov 18, 2024 by Max Kellermann Committed by Greg Kroah-Hartman Jan 23, 2025

ceph: give up on paths longer than PATH_MAX



commit 550f7ca9 upstream.

If the full path to be built by ceph_mdsc_build_path() happens to be
longer than PATH_MAX, then this function will enter an endless (retry)
loop, effectively blocking the whole task.  Most of the machine
becomes unusable, making this a very simple and effective DoS
vulnerability.

I cannot imagine why this retry was ever implemented, but it seems
rather useless and harmful to me.  Let's remove it and fail with
ENAMETOOLONG instead.

Cc: stable@vger.kernel.org
Reported-by: Dario Weißer <dario@cure53.de>
Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
Reviewed-by: Alex Markuze <amarkuze@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
[idryomov@gmail.com: backport to 6.1: pr_warn() is still in use]
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 4735586d

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit cd606ebe
· Nov 05, 2025

mentioned in commit cd606ebe

mentioned in commit cd606ebe30a831ca22631fa82808e6b888f42923

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit c484f2aa
· Nov 05, 2025

mentioned in commit c484f2aa

mentioned in commit c484f2aaf61764ca062726606fe236affcfb758d

Toggle commit list

Please to comment