ext4: avoid drop reference to iloc.bh twice

commit 8c380ab4b7b59c0c602743810be1b712514eaebc upstream. The reference to iloc.bh has been dropped in ext4_mark_iloc_dirty. However, the reference is dropped again if error occurs during ext4_handle_dirty_metadata, which may result in use-after-free bugs. Fixes: fb265c9cb49e("ext4: add ext4_sb_bread() to disambiguate ENOMEM cases") Signed-off-by: Pan Bian <bianpan2016@163.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Reviewed-by: Jan Kara <jack@suse.cz> Cc: stable@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Pan Bian <bianpan2016@163.com> 2019-04-25 18:44:15 +0300
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-05-22 08:39:53 +0300
commit: 8f2faa8364fe7f74b97fc5d72b0d094557d6a607 (patch)
tree: bf1f86118f0e425a076bf1723cf09c5b769a55e7 /fs
parent: e9f94dc29281bf1a5f266052d0654d8868990b6a (diff)
download: linux-8f2faa8364fe7f74b97fc5d72b0d094557d6a607.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
index e7ae26e36c9c..4d5c0fc9d23a 100644
--- a/fs/ext4/resize.c
+++ b/fs/ext4/resize.c
@@ -874,6 +874,7 @@ static int add_new_gdb(handle_t *handle, struct inode *inode,
 	err = ext4_handle_dirty_metadata(handle, NULL, gdb_bh);
 	if (unlikely(err)) {
 		ext4_std_error(sb, err);
+		iloc.bh = NULL;
 		goto errout;
 	}
 	brelse(dind);
author	Pan Bian <bianpan2016@163.com>	2019-04-25 18:44:15 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2019-05-22 08:39:53 +0300
commit	8f2faa8364fe7f74b97fc5d72b0d094557d6a607 (patch)
tree	bf1f86118f0e425a076bf1723cf09c5b769a55e7 /fs
parent	e9f94dc29281bf1a5f266052d0654d8868990b6a (diff)
download	linux-8f2faa8364fe7f74b97fc5d72b0d094557d6a607.tar.xz