From 8e4e080b2be0b979cbd90b1a587d4afa9ef074ab Mon Sep 17 00:00:00 2001
From: Jeff Layton
Date: Thu, 1 Jul 2021 10:41:46 -0400
Subject: [PATCH] ceph: fix memory leak on decode error in ceph_handle_caps
[ Upstream commit 2ad32cf09bd28a21e6ad1595355a023ed631b529 ]
If we hit a decoding error late in the frame, then we might exit the function without putting the pool_ns string. Ensure that we always put that reference on the way out of the function.
Signed-off-by: Jeff Layton
Reviewed-by: Ilya Dryomov
Signed-off-by: Ilya Dryomov
Signed-off-by: Sasha Levin
---
 fs/ceph/caps.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c
index ba562efdf07b8..1f3d67133958e 100644
--- a/fs/ceph/caps.c
+++ b/fs/ceph/caps.c
@@ -4137,8 +4137,9 @@ void ceph_handle_caps(struct ceph_mds_session *session,
 done:
 mutex_unlock(&session->s_mutex);
 done_unlocked:
- ceph_put_string(extra_info.pool_ns);
 iput(inode);
+out:
+ ceph_put_string(extra_info.pool_ns);
 return;
 flush_cap_releases:
@@ -4153,7 +4154,7 @@ void ceph_handle_caps(struct ceph_mds_session *session,
 bad:
 pr_err("ceph_handle_caps: corrupt message\n");
 ceph_msg_dump(msg);
- return;
+ goto out;
 }
 /*
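Review bot: The `out:` label added in the first hunk is now reached from `bad:` with whatever `extra_info.pool_ns` held when decoding stopped, so it depends on that field being NULL until assigned and on `ceph_put_string()` accepting NULL; neither is visible in these hunks, and the initialisation of `extra_info` should be confirmed in the part of `ceph_handle_caps` outside them. A one-line comment above the label would record the contract of the exit labels, for example `/* out: s_mutex not held, no inode ref; pool_ns may still be NULL */`. Since `bad:` handles a message that failed decoding, i.e. peer-supplied data, the `pr_err()` and `ceph_msg_dump(msg)` in the second hunk presumably run once per corrupt message; `pr_err_ratelimited()` would keep a misbehaving peer from filling the kernel log.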