summaryrefslogtreecommitdiffstats
path: root/fs/ext4
diff options
context:
space:
mode:
authorKemeng Shi <shikemeng@huaweicloud.com>2024-08-20 15:22:29 +0200
committerTheodore Ts'o <tytso@mit.edu>2024-09-04 04:12:15 +0200
commit227d31b9214d1b9513383cf6c7180628d4b3b61f (patch)
tree993fb3ed1b934d121581c1ec47bceef224cac01e /fs/ext4
parentext4: avoid buffer_head leak in ext4_mark_inode_used() (diff)
downloadlinux-227d31b9214d1b9513383cf6c7180628d4b3b61f.tar.xz
linux-227d31b9214d1b9513383cf6c7180628d4b3b61f.zip
ext4: avoid potential buffer_head leak in __ext4_new_inode()
If a group is marked EXT4_GROUP_INFO_IBITMAP_CORRUPT after it's inode bitmap buffer_head was successfully verified, then __ext4_new_inode() will get a valid inode_bitmap_bh of a corrupted group from ext4_read_inode_bitmap() in which case inode_bitmap_bh misses a release. Hnadle "IS_ERR(inode_bitmap_bh)" and group corruption separately like how ext4_free_inode() does to avoid buffer_head leak. Fixes: 9008a58e5dce ("ext4: make the bitmap read routines return real error codes") Signed-off-by: Kemeng Shi <shikemeng@huaweicloud.com> Link: https://patch.msgid.link/20240820132234.2759926-3-shikemeng@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Diffstat (limited to 'fs/ext4')
-rw-r--r--fs/ext4/ialloc.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c
index ad7f13976dc6..9e2c08a8665f 100644
--- a/fs/ext4/ialloc.c
+++ b/fs/ext4/ialloc.c
@@ -1054,12 +1054,13 @@ got_group:
brelse(inode_bitmap_bh);
inode_bitmap_bh = ext4_read_inode_bitmap(sb, group);
/* Skip groups with suspicious inode tables */
- if (((!(sbi->s_mount_state & EXT4_FC_REPLAY))
- && EXT4_MB_GRP_IBITMAP_CORRUPT(grp)) ||
- IS_ERR(inode_bitmap_bh)) {
+ if (IS_ERR(inode_bitmap_bh)) {
inode_bitmap_bh = NULL;
goto next_group;
}
+ if (!(sbi->s_mount_state & EXT4_FC_REPLAY) &&
+ EXT4_MB_GRP_IBITMAP_CORRUPT(grp))
+ goto next_group;
repeat_in_this_group:
ret2 = find_inode_bit(sb, group, inode_bitmap_bh, &ino);