From 728aaa123c0cadfb9f41d952aeff1fe8ac9ed475 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa Date: Sat, 28 Dec 2024 07:55:25 +0000 Subject: [PATCH] ocfs2: free inode when ocfs2_get_init_inode() fails stable inclusion from stable-v5.10.231 commit 9c19ea59965ebb482e227532f7bbb01792fb028c category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBEAN4 CVE: CVE-2024-56630 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9c19ea59965ebb482e227532f7bbb01792fb028c ------------------------------------------------- [ Upstream commit 965b5dd1894f4525f38c1b5f99b0106a07dbb5db ] syzbot is reporting busy inodes after unmount, for commit 9c89fe0af826 ("ocfs2: Handle error from dquot_initialize()") forgot to call iput() when new_inode() succeeded and dquot_initialize() failed. Link: https://lkml.kernel.org/r/e68c0224-b7c6-4784-b4fa-a9fc8c675525@I-love.SAKURA.ne.jp Fixes: 9c89fe0af826 ("ocfs2: Handle error from dquot_initialize()") Signed-off-by: Tetsuo Handa Reported-by: syzbot+0af00f6a2cba2058b5db@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=0af00f6a2cba2058b5db Tested-by: syzbot+0af00f6a2cba2058b5db@syzkaller.appspotmail.com Reviewed-by: Joseph Qi Cc: Mark Fasheh Cc: Joel Becker Cc: Junxiao Bi Cc: Changwei Ge Cc: Jun Piao Signed-off-by: Andrew Morton Signed-off-by: Sasha Levin Signed-off-by: Jinjie Ruan --- fs/ocfs2/namei.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c index 5c98813b3dca..a1d7f62975bd 100644 --- a/fs/ocfs2/namei.c +++ b/fs/ocfs2/namei.c @@ -201,8 +201,10 @@ static struct inode *ocfs2_get_init_inode(struct inode *dir, umode_t mode) mode = mode_strip_sgid(dir, mode); inode_init_owner(inode, dir, mode); status = dquot_initialize(inode); - if (status) + if (status) { + iput(inode); return ERR_PTR(status); + } return inode; } -- Gitee