LinuxLists.cc - [PATCH v3 4/4] ext4: fix inode leak in 'ext4_xattr_inode

2022-12-08 02:13:06

Subject: [PATCH v3 4/4] ext4: fix inode leak in 'ext4_xattr_inode_create()'

From: Ye Bin <[email protected]>

There is issue as follows when do setxattr with inject fault:
[localhost]#fsck.ext4 -fn /dev/sda
e2fsck 1.46.6-rc1 (12-Sep-2022)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Unattached zero-length inode 15. Clear? no

Unattached inode 15
Connect to /lost+found? no

Pass 5: Checking group summary information

/dev/sda: ********** WARNING: Filesystem still has errors **********

/dev/sda: 15/655360 files (0.0% non-contiguous), 66755/2621440 blocks

This occurs in 'ext4_xattr_inode_create()'. If 'ext4_mark_inode_dirty()'
fails, dropping i_nlink of the inode is needed. Or will lead to inode leak.

Signed-off-by: Ye Bin <[email protected]>
Reviewed-by: Jan Kara <[email protected]>
---
fs/ext4/xattr.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
index 99dacb0393fa..aad7de2e366a 100644
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -1442,6 +1442,9 @@ static struct inode *ext4_xattr_inode_create(handle_t *handle,
if (!err)
err = ext4_inode_attach_jinode(ea_inode);
if (err) {
+ if (ext4_xattr_inode_dec_ref(handle, ea_inode))
+ ext4_warning_inode(ea_inode,
+ "cleanup dec ref error %d", err);
iput(ea_inode);
return ERR_PTR(err);
}
--
2.31.1

2022-12-09 05:39:46

by Theodore Ts'o

[permalink] [raw]

Subject: Re: [PATCH v3 4/4] ext4: fix inode leak in 'ext4_xattr_inode_create()'

On Thu, Dec 08, 2022 at 10:32:33AM +0800, Ye Bin wrote:
> From: Ye Bin <[email protected]>
>
> There is issue as follows when do setxattr with inject fault:
> [localhost]#fsck.ext4 -fn /dev/sda
> e2fsck 1.46.6-rc1 (12-Sep-2022)
> Pass 1: Checking inodes, blocks, and sizes
> Pass 2: Checking directory structure
> Pass 3: Checking directory connectivity
> Pass 4: Checking reference counts
> Unattached zero-length inode 15. Clear? no
>
> Unattached inode 15
> Connect to /lost+found? no
>
> Pass 5: Checking group summary information
>
> /dev/sda: ********** WARNING: Filesystem still has errors **********
>
> /dev/sda: 15/655360 files (0.0% non-contiguous), 66755/2621440 blocks
>
> This occurs in 'ext4_xattr_inode_create()'. If 'ext4_mark_inode_dirty()'
> fails, dropping i_nlink of the inode is needed. Or will lead to inode leak.
>
> Signed-off-by: Ye Bin <[email protected]>
> Reviewed-by: Jan Kara <[email protected]>

Applied, thanks.

- Ted