Commit 728aaa12 authored Dec 28, 2024 by Tetsuo Handa Committed by Jinjie Ruan Dec 28, 2024

ocfs2: free inode when ocfs2_get_init_inode() fails

stable inclusion
from stable-v5.10.231
commit 9c19ea59965ebb482e227532f7bbb01792fb028c
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBEAN4
CVE: CVE-2024-56630

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9c19ea59965ebb482e227532f7bbb01792fb028c

-------------------------------------------------

[ Upstream commit 965b5dd1894f4525f38c1b5f99b0106a07dbb5db ]

syzbot is reporting busy inodes after unmount, for commit 9c89fe0a
("ocfs2: Handle error from dquot_initialize()") forgot to call iput() when
new_inode() succeeded and dquot_initialize() failed.

Link: https://lkml.kernel.org/r/e68c0224-b7c6-4784-b4fa-a9fc8c675525@I-love.SAKURA.ne.jp


Fixes: 9c89fe0a ("ocfs2: Handle error from dquot_initialize()")
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reported-by:  <syzbot+0af00f6a2cba2058b5db@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=0af00f6a2cba2058b5db


Tested-by:  <syzbot+0af00f6a2cba2058b5db@syzkaller.appspotmail.com>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Jun Piao <piaojun@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>

parent 053a6b6f

fs/ocfs2/namei.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -201,8 +201,10 @@ static struct inode ocfs2_get_init_inode(struct inode dir, umode_t mode)
		mode = mode_strip_sgid(dir, mode);
		inode_init_owner(inode, dir, mode);
		status = dquot_initialize(inode);
		if (status)
		if (status) {
		iput(inode);
		return ERR_PTR(status);
		}

		return inode;
		}