summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorXiyu Yang <xiyuyang19@fudan.edu.cn>2020-04-23 07:09:27 +0200
committerTheodore Ts'o <tytso@mit.edu>2020-06-04 05:16:49 +0200
commit3bbd0ef26098d241dc59ee77ba14b7dab0df0786 (patch)
treec814fdd1ca7e627a43f182703f949a741014d8a7
parentext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max (diff)
downloadlinux-3bbd0ef26098d241dc59ee77ba14b7dab0df0786.tar.xz
linux-3bbd0ef26098d241dc59ee77ba14b7dab0df0786.zip
ext4: fix buffer_head refcnt leak when ext4_iget() fails
ext4_orphan_get() invokes ext4_read_inode_bitmap(), which returns a reference of the specified buffer_head object to "bitmap_bh" with increased refcnt. When ext4_orphan_get() returns, local variable "bitmap_bh" becomes invalid, so the refcount should be decreased to keep refcount balanced. The reference counting issue happens in one exception handling path of ext4_orphan_get(). When ext4_iget() fails, the function forgets to decrease the refcnt increased by ext4_read_inode_bitmap(), causing a refcnt leak. Fix this issue by calling brelse() when ext4_iget() fails. Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn> Signed-off-by: Xin Tan <tanxin.ctf@gmail.com> Cc: stable@kernel.org Link: https://lore.kernel.org/r/1587618568-13418-1-git-send-email-xiyuyang19@fudan.edu.cn Signed-off-by: Theodore Ts'o <tytso@mit.edu>
-rw-r--r--fs/ext4/ialloc.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c
index 4b8c9a9bdf0c..011bcb8c4770 100644
--- a/fs/ext4/ialloc.c
+++ b/fs/ext4/ialloc.c
@@ -1246,6 +1246,7 @@ struct inode *ext4_orphan_get(struct super_block *sb, unsigned long ino)
ext4_error_err(sb, -err,
"couldn't read orphan inode %lu (err %d)",
ino, err);
+ brelse(bitmap_bh);
return inode;
}