summaryrefslogtreecommitdiff
path: root/fs/ext4
diff options
context:
space:
mode:
authorPan Bian <bianpan2016@163.com>2019-04-25 11:44:15 -0400
committerTheodore Ts'o <tytso@mit.edu>2019-04-25 11:44:15 -0400
commit8c380ab4b7b59c0c602743810be1b712514eaebc (patch)
tree219607cef9f919264702e71af75fac9d3e0a0f76 /fs/ext4
parente5d01196c0428a206f307e9ee5f6842964098ff0 (diff)
downloadlwn-8c380ab4b7b59c0c602743810be1b712514eaebc.tar.gz
lwn-8c380ab4b7b59c0c602743810be1b712514eaebc.zip
ext4: avoid drop reference to iloc.bh twice
The reference to iloc.bh has been dropped in ext4_mark_iloc_dirty. However, the reference is dropped again if error occurs during ext4_handle_dirty_metadata, which may result in use-after-free bugs. Fixes: fb265c9cb49e("ext4: add ext4_sb_bread() to disambiguate ENOMEM cases") Signed-off-by: Pan Bian <bianpan2016@163.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Reviewed-by: Jan Kara <jack@suse.cz> Cc: stable@kernel.org
Diffstat (limited to 'fs/ext4')
-rw-r--r--fs/ext4/resize.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
index e7ae26e36c9c..4d5c0fc9d23a 100644
--- a/fs/ext4/resize.c
+++ b/fs/ext4/resize.c
@@ -874,6 +874,7 @@ static int add_new_gdb(handle_t *handle, struct inode *inode,
err = ext4_handle_dirty_metadata(handle, NULL, gdb_bh);
if (unlikely(err)) {
ext4_std_error(sb, err);
+ iloc.bh = NULL;
goto errout;
}
brelse(dind);