[PATCH v2] ext4: fix missing brelse() in ext4_xattr_inode_dec_ref

public inbox for linux-ext4@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH v2] ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all()
@ 2026-04-06  7:48 skoyama.kernel
  2026-04-06 14:38 ` Baokun Li
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: skoyama.kernel @ 2026-04-06  7:48 UTC (permalink / raw)
  To: linux-ext4
  Cc: tytso, adilger.kernel, libaokun, jack, ojaswin, ritesh.list,
	yi.zhang, bhupesh, Sohei Koyama, Andreas Dilger, stable

From: Sohei Koyama <skoyama@ddn.com>

The commit c8e008b60492 ("ext4: ignore xattrs past end")
introduced a refcount leak in when block_csum is false.

ext4_xattr_inode_dec_ref_all() calls ext4_get_inode_loc() to
get iloc.bh, but never releases it with brelse().

Fixes: c8e008b60492 ("ext4: ignore xattrs past end")
Signed-off-by: Sohei Koyama <skoyama@ddn.com>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
Cc: stable@vger.kernel.org
---
 fs/ext4/xattr.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
index 7bf9ba19a89d..19c72e38fb82 100644
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -1165,7 +1165,7 @@ ext4_xattr_inode_dec_ref_all(handle_t *handle, struct inode *parent,
 {
 	struct inode *ea_inode;
 	struct ext4_xattr_entry *entry;
-	struct ext4_iloc iloc;
+	struct ext4_iloc iloc = { .bh = NULL };
 	bool dirty = false;
 	unsigned int ea_ino;
 	int err;
@@ -1260,6 +1260,8 @@ ext4_xattr_inode_dec_ref_all(handle_t *handle, struct inode *parent,
 			ext4_warning_inode(parent,
 					   "handle dirty metadata err=%d", err);
 	}
+
+	brelse(iloc.bh);
 }
 
 /*
-- 
2.39.3 (Apple Git-146)


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH v2] ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all()
  2026-04-06  7:48 [PATCH v2] ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all() skoyama.kernel
@ 2026-04-06 14:38 ` Baokun Li
  2026-04-07  1:13 ` Zhang Yi
  2026-04-10 15:18 ` Theodore Ts'o
  2 siblings, 0 replies; 4+ messages in thread
From: Baokun Li @ 2026-04-06 14:38 UTC (permalink / raw)
  To: skoyama.kernel, linux-ext4
  Cc: tytso, adilger.kernel, jack, ojaswin, ritesh.list, yi.zhang,
	bhupesh, Sohei Koyama, Andreas Dilger, stable



On 2026/4/6 15:48, skoyama.kernel@gmail.com wrote:
> From: Sohei Koyama <skoyama@ddn.com>
>
> The commit c8e008b60492 ("ext4: ignore xattrs past end")
> introduced a refcount leak in when block_csum is false.
>
> ext4_xattr_inode_dec_ref_all() calls ext4_get_inode_loc() to
> get iloc.bh, but never releases it with brelse().
>
> Fixes: c8e008b60492 ("ext4: ignore xattrs past end")
> Signed-off-by: Sohei Koyama <skoyama@ddn.com>
> Reviewed-by: Andreas Dilger <adilger@dilger.ca>
> Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
> Cc: stable@vger.kernel.org

Looks good, feel free to add:

Reviewed-by: Baokun Li <libaokun@linux.alibaba.com>

> ---
>  fs/ext4/xattr.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
> index 7bf9ba19a89d..19c72e38fb82 100644
> --- a/fs/ext4/xattr.c
> +++ b/fs/ext4/xattr.c
> @@ -1165,7 +1165,7 @@ ext4_xattr_inode_dec_ref_all(handle_t *handle, struct inode *parent,
>  {
>  	struct inode *ea_inode;
>  	struct ext4_xattr_entry *entry;
> -	struct ext4_iloc iloc;
> +	struct ext4_iloc iloc = { .bh = NULL };
>  	bool dirty = false;
>  	unsigned int ea_ino;
>  	int err;
> @@ -1260,6 +1260,8 @@ ext4_xattr_inode_dec_ref_all(handle_t *handle, struct inode *parent,
>  			ext4_warning_inode(parent,
>  					   "handle dirty metadata err=%d", err);
>  	}
> +
> +	brelse(iloc.bh);
>  }
>  
>  /*


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH v2] ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all()
  2026-04-06  7:48 [PATCH v2] ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all() skoyama.kernel
  2026-04-06 14:38 ` Baokun Li
@ 2026-04-07  1:13 ` Zhang Yi
  2026-04-10 15:18 ` Theodore Ts'o
  2 siblings, 0 replies; 4+ messages in thread
From: Zhang Yi @ 2026-04-07  1:13 UTC (permalink / raw)
  To: skoyama.kernel, linux-ext4
  Cc: tytso, adilger.kernel, libaokun, jack, ojaswin, ritesh.list,
	bhupesh, Sohei Koyama, Andreas Dilger, stable

On 4/6/2026 3:48 PM, skoyama.kernel@gmail.com wrote:
> From: Sohei Koyama <skoyama@ddn.com>
> 
> The commit c8e008b60492 ("ext4: ignore xattrs past end")
> introduced a refcount leak in when block_csum is false.
> 
> ext4_xattr_inode_dec_ref_all() calls ext4_get_inode_loc() to
> get iloc.bh, but never releases it with brelse().
> 
> Fixes: c8e008b60492 ("ext4: ignore xattrs past end")
> Signed-off-by: Sohei Koyama <skoyama@ddn.com>
> Reviewed-by: Andreas Dilger <adilger@dilger.ca>
> Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
> Cc: stable@vger.kernel.org

Looks good to me.

Reviewed-by: Zhang Yi <yi.zhang@huawei.com>

> ---
>  fs/ext4/xattr.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
> index 7bf9ba19a89d..19c72e38fb82 100644
> --- a/fs/ext4/xattr.c
> +++ b/fs/ext4/xattr.c
> @@ -1165,7 +1165,7 @@ ext4_xattr_inode_dec_ref_all(handle_t *handle, struct inode *parent,
>  {
>  	struct inode *ea_inode;
>  	struct ext4_xattr_entry *entry;
> -	struct ext4_iloc iloc;
> +	struct ext4_iloc iloc = { .bh = NULL };
>  	bool dirty = false;
>  	unsigned int ea_ino;
>  	int err;
> @@ -1260,6 +1260,8 @@ ext4_xattr_inode_dec_ref_all(handle_t *handle, struct inode *parent,
>  			ext4_warning_inode(parent,
>  					   "handle dirty metadata err=%d", err);
>  	}
> +
> +	brelse(iloc.bh);
>  }
>  
>  /*


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH v2] ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all()
  2026-04-06  7:48 [PATCH v2] ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all() skoyama.kernel
  2026-04-06 14:38 ` Baokun Li
  2026-04-07  1:13 ` Zhang Yi
@ 2026-04-10 15:18 ` Theodore Ts'o
  2 siblings, 0 replies; 4+ messages in thread
From: Theodore Ts'o @ 2026-04-10 15:18 UTC (permalink / raw)
  To: linux-ext4, skoyama.kernel
  Cc: Theodore Ts'o, adilger.kernel, libaokun, jack, ojaswin,
	ritesh.list, yi.zhang, bhupesh, Sohei Koyama, Andreas Dilger,
	stable


On Mon, 06 Apr 2026 16:48:30 +0900, skoyama.kernel@gmail.com wrote:
> The commit c8e008b60492 ("ext4: ignore xattrs past end")
> introduced a refcount leak in when block_csum is false.
> 
> ext4_xattr_inode_dec_ref_all() calls ext4_get_inode_loc() to
> get iloc.bh, but never releases it with brelse().
> 
> 
> [...]

Applied, thanks!

[1/1] ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all()
      commit: 77d059519382bd66283e6a4e83ee186e87e7708f

Best regards,
-- 
Theodore Ts'o <tytso@mit.edu>

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2026-04-10 15:21 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-06  7:48 [PATCH v2] ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all() skoyama.kernel
2026-04-06 14:38 ` Baokun Li
2026-04-07  1:13 ` Zhang Yi
2026-04-10 15:18 ` Theodore Ts'o

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox