Message ID | 1587618568-13418-1-git-send-email-xiyuyang19@fudan.edu.cn |
---|---|
State | Accepted |
Series | ext4: Fix buffer_head refcnt leak when ext4_iget() fails |

On Thu, Apr 23, 2020 at 01:09:27PM +0800, Xiyu Yang wrote:
> ext4_orphan_get() invokes ext4_read_inode_bitmap(), which returns a
> reference of the specified buffer_head object to "bitmap_bh" with
> increased refcnt.
>
> When ext4_orphan_get() returns, local variable "bitmap_bh" becomes
> invalid, so the refcount should be decreased to keep refcount balanced.
>
> The reference counting issue happens in one exception handling path of
> ext4_orphan_get(). When ext4_iget() fails, the function forgets to
> decrease the refcnt increased by ext4_read_inode_bitmap(), causing a
> refcnt leak.
>
> Fix this issue by calling brelse() when ext4_iget() fails.
>
> Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
> Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>

Applied, thanks.

- Ted

diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c index f95ee99091e4..2e4729ba17e6 100644 --- a/fs/ext4/ialloc.c +++ b/fs/ext4/ialloc.c @@ -1234,6 +1234,7 @@ struct inode *ext4_orphan_get(struct super_block *sb, unsigned long ino) ext4_set_errno(sb, -err); ext4_error(sb, "couldn't read orphan inode %lu (err %d)", ino, err); + brelse(bitmap_bh); return inode; }
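
Review bot: the new brelse(bitmap_bh) in the ext4_iget() failure branch is open-coded just before "return inode;", so the release is tied to this one return and the same leak can come back whenever another early return is added to ext4_orphan_get(). Consider routing this branch through a single cleanup label that does the brelse() and the return, so that every exit taken after ext4_read_inode_bitmap() succeeds drops the reference in one place; brelse() accepts a NULL pointer, so a shared label is safe even on paths where the bitmap was never read. The commit message also carries no Fixes: tag naming the change that introduced the unbalanced path, which would help anyone deciding whether to backport this.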