Commit 3bbd0ef2 authored Apr 23, 2020 by Xiyu Yang Committed by Theodore Ts'o Jun 03, 2020

ext4: fix buffer_head refcnt leak when ext4_iget() fails



ext4_orphan_get() invokes ext4_read_inode_bitmap(), which returns a
reference of the specified buffer_head object to "bitmap_bh" with
increased refcnt.

When ext4_orphan_get() returns, local variable "bitmap_bh" becomes
invalid, so the refcount should be decreased to keep refcount balanced.

The reference counting issue happens in one exception handling path of
ext4_orphan_get(). When ext4_iget() fails, the function forgets to
decrease the refcnt increased by ext4_read_inode_bitmap(), causing a
refcnt leak.

Fix this issue by calling brelse() when ext4_iget() fails.

Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
Cc: stable@kernel.org
Link: https://lore.kernel.org/r/1587618568-13418-1-git-send-email-xiyuyang19@fudan.edu.cn


Signed-off-by: Theodore Ts'o <tytso@mit.edu>

parent c36a71b4

fs/ext4/ialloc.c

+1 −0

Original line number	Original line	Diff line number	Diff line
	@@ -1246,6 +1246,7 @@ struct inode ext4_orphan_get(struct super_block sb, unsigned long ino)
	ext4_error_err(sb, -err,		ext4_error_err(sb, -err,
	"couldn't read orphan inode %lu (err %d)",		"couldn't read orphan inode %lu (err %d)",
	ino, err);		ino, err);
			brelse(bitmap_bh);
	return inode;		return inode;
	}		}