queue-5.0/ext4-avoid-drop-reference-to-iloc.bh-twice.patch

   1 From 8c380ab4b7b59c0c602743810be1b712514eaebc Mon Sep 17 00:00:00 2001
   2 From: Pan Bian <bianpan2016@163.com>
   3 Date: Thu, 25 Apr 2019 11:44:15 -0400
   4 Subject: ext4: avoid drop reference to iloc.bh twice
   5
   6 From: Pan Bian <bianpan2016@163.com>
   7
   8 commit 8c380ab4b7b59c0c602743810be1b712514eaebc upstream.
   9
  10 The reference to iloc.bh has been dropped in ext4_mark_iloc_dirty.
  11 However, the reference is dropped again if error occurs during
  12 ext4_handle_dirty_metadata, which may result in use-after-free bugs.
  13
  14 Fixes: fb265c9cb49e("ext4: add ext4_sb_bread() to disambiguate ENOMEM cases")
  15 Signed-off-by: Pan Bian <bianpan2016@163.com>
  16 Signed-off-by: Theodore Ts'o <tytso@mit.edu>
  17 Reviewed-by: Jan Kara <jack@suse.cz>
  18 Cc: stable@kernel.org
  19 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  20
  21 ---
  22  fs/ext4/resize.c |    1 +
  23  1 file changed, 1 insertion(+)
  24
  25 --- a/fs/ext4/resize.c
  26 +++ b/fs/ext4/resize.c
  27 @@ -874,6 +874,7 @@ static int add_new_gdb(handle_t *handle,
  28         err = ext4_handle_dirty_metadata(handle, NULL, gdb_bh);
  29         if (unlikely(err)) {
  30                 ext4_std_error(sb, err);
  31 +               iloc.bh = NULL;
  32                 goto errout;
  33         }
  34         brelse(dind);