ext4: fix buffer_head refcnt leak when ext4_iget() fails
authorXiyu Yang <xiyuyang19@fudan.edu.cn>
Thu, 23 Apr 2020 05:09:27 +0000 (13:09 +0800)
committerTheodore Ts'o <tytso@mit.edu>
Thu, 4 Jun 2020 03:16:49 +0000 (23:16 -0400)
commit3bbd0ef26098d241dc59ee77ba14b7dab0df0786
treec814fdd1ca7e627a43f182703f949a741014d8a7
parentc36a71b4e35ab35340facdd6964a00956b9fef0a
ext4: fix buffer_head refcnt leak when ext4_iget() fails

ext4_orphan_get() invokes ext4_read_inode_bitmap(), which returns a
reference of the specified buffer_head object to "bitmap_bh" with
increased refcnt.

When ext4_orphan_get() returns, local variable "bitmap_bh" becomes
invalid, so the refcount should be decreased to keep refcount balanced.

The reference counting issue happens in one exception handling path of
ext4_orphan_get(). When ext4_iget() fails, the function forgets to
decrease the refcnt increased by ext4_read_inode_bitmap(), causing a
refcnt leak.

Fix this issue by calling brelse() when ext4_iget() fails.

Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
Cc: stable@kernel.org
Link: https://lore.kernel.org/r/1587618568-13418-1-git-send-email-xiyuyang19@fudan.edu.cn
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
fs/ext4/ialloc.c