diff options
| author | Kemeng Shi <shikemeng@huaweicloud.com> | 2024-08-20 16:22:29 +0300 |
|---|---|---|
| committer | Theodore Ts'o <tytso@mit.edu> | 2024-09-04 05:12:15 +0300 |
| commit | 227d31b9214d1b9513383cf6c7180628d4b3b61f (patch) | |
| tree | 993fb3ed1b934d121581c1ec47bceef224cac01e /fs/ext4 | |
| parent | 5e5b2a56c57def1b41efd49596621504d7bcc61c (diff) | |
| download | linux-227d31b9214d1b9513383cf6c7180628d4b3b61f.tar.xz | |
ext4: avoid potential buffer_head leak in __ext4_new_inode()
If a group is marked EXT4_GROUP_INFO_IBITMAP_CORRUPT after it's inode
bitmap buffer_head was successfully verified, then __ext4_new_inode()
will get a valid inode_bitmap_bh of a corrupted group from
ext4_read_inode_bitmap() in which case inode_bitmap_bh misses a release.
Hnadle "IS_ERR(inode_bitmap_bh)" and group corruption separately like
how ext4_free_inode() does to avoid buffer_head leak.
Fixes: 9008a58e5dce ("ext4: make the bitmap read routines return real error codes")
Signed-off-by: Kemeng Shi <shikemeng@huaweicloud.com>
Link: https://patch.msgid.link/20240820132234.2759926-3-shikemeng@huaweicloud.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Diffstat (limited to 'fs/ext4')
| -rw-r--r-- | fs/ext4/ialloc.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c index ad7f13976dc6..9e2c08a8665f 100644 --- a/fs/ext4/ialloc.c +++ b/fs/ext4/ialloc.c @@ -1054,12 +1054,13 @@ got_group: brelse(inode_bitmap_bh); inode_bitmap_bh = ext4_read_inode_bitmap(sb, group); /* Skip groups with suspicious inode tables */ - if (((!(sbi->s_mount_state & EXT4_FC_REPLAY)) - && EXT4_MB_GRP_IBITMAP_CORRUPT(grp)) || - IS_ERR(inode_bitmap_bh)) { + if (IS_ERR(inode_bitmap_bh)) { inode_bitmap_bh = NULL; goto next_group; } + if (!(sbi->s_mount_state & EXT4_FC_REPLAY) && + EXT4_MB_GRP_IBITMAP_CORRUPT(grp)) + goto next_group; repeat_in_this_group: ret2 = find_inode_bit(sb, group, inode_bitmap_bh, &ino); |