From 5258610a21240dbb38531e57c9038251caa15bca Mon Sep 17 00:00:00 2001 From: Tetsuo Handa Date: Sat, 28 Dec 2024 07:56:12 +0000 Subject: [PATCH] ocfs2: free inode when ocfs2_get_init_inode() fails stable inclusion from stable-v6.6.66 commit a84d507d3290aca249b44ae992af9e10590cc5f6 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBEAN4 CVE: CVE-2024-56630 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=a84d507d3290aca249b44ae992af9e10590cc5f6 -------------------------------- [ Upstream commit 965b5dd1894f4525f38c1b5f99b0106a07dbb5db ] syzbot is reporting busy inodes after unmount, for commit 9c89fe0af826 ("ocfs2: Handle error from dquot_initialize()") forgot to call iput() when new_inode() succeeded and dquot_initialize() failed. Link: https://lkml.kernel.org/r/e68c0224-b7c6-4784-b4fa-a9fc8c675525@I-love.SAKURA.ne.jp Fixes: 9c89fe0af826 ("ocfs2: Handle error from dquot_initialize()") Signed-off-by: Tetsuo Handa Reported-by: syzbot+0af00f6a2cba2058b5db@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=0af00f6a2cba2058b5db Tested-by: syzbot+0af00f6a2cba2058b5db@syzkaller.appspotmail.com Reviewed-by: Joseph Qi Cc: Mark Fasheh Cc: Joel Becker Cc: Junxiao Bi Cc: Changwei Ge Cc: Jun Piao Signed-off-by: Andrew Morton Signed-off-by: Sasha Levin Signed-off-by: Jinjie Ruan --- fs/ocfs2/namei.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c index 21b3d5b9be60..4e6d8a3f727d 100644 --- a/fs/ocfs2/namei.c +++ b/fs/ocfs2/namei.c @@ -200,8 +200,10 @@ static struct inode *ocfs2_get_init_inode(struct inode *dir, umode_t mode) mode = mode_strip_sgid(&nop_mnt_idmap, dir, mode); inode_init_owner(&nop_mnt_idmap, inode, dir, mode); status = dquot_initialize(inode); - if (status) + if (status) { + iput(inode); return ERR_PTR(status); + } return inode; } -- Gitee