author | Pan Bian <bianpan2016@163.com> | 2019-04-25 11:44:15 -0400 |
---|---|---|
committer | Theodore Ts'o <tytso@mit.edu> | 2019-04-25 11:44:15 -0400 |
commit | 8c380ab4b7b59c0c602743810be1b712514eaebc (patch) | |
tree | 219607cef9f919264702e71af75fac9d3e0a0f76 /fs/ext4/resize.c | |
parent | e5d01196c0428a206f307e9ee5f6842964098ff0 (diff) | |

ext4: avoid drop reference to iloc.bh twice

The reference to iloc.bh has been dropped in ext4_mark_iloc_dirty.
However, the reference is dropped again if error occurs during
ext4_handle_dirty_metadata, which may result in use-after-free bugs.

Fixes: fb265c9cb49e("ext4: add ext4_sb_bread() to disambiguate ENOMEM cases")
Signed-off-by: Pan Bian <bianpan2016@163.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Jan Kara <jack@suse.cz>
Cc: stable@kernel.org

Diffstat (limited to 'fs/ext4/resize.c')
-rw-r--r-- | fs/ext4/resize.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c index e7ae26e36c9c..4d5c0fc9d23a 100644 --- a/fs/ext4/resize.c +++ b/fs/ext4/resize.c @@ -874,6 +874,7 @@ static int add_new_gdb(handle_t *handle, struct inode *inode, err = ext4_handle_dirty_metadata(handle, NULL, gdb_bh); if (unlikely(err)) { ext4_std_error(sb, err); + iloc.bh = NULL; goto errout; } brelse(dind); |
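
Review bot: the added `iloc.bh = NULL;` in the `ext4_handle_dirty_metadata()` error branch of `add_new_gdb()` carries no comment explaining why the pointer is cleared, and the reason (per the commit message, `ext4_mark_iloc_dirty` has already dropped the reference) is not visible at this spot. A one-line comment such as `/* ext4_mark_iloc_dirty() already released iloc.bh */` would keep a later cleanup from removing the assignment as dead code. It would also be more robust to clear `iloc.bh` at the point where the reference is dropped rather than inside this single error branch, so that any error path added later before `errout` does not reintroduce the double release. The hunk shows only this branch, so whether other paths to `errout` need the same treatment should be checked against the full function.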