From: Pan Bian <bianpan2016@163.com>
Date: Thu, 25 Apr 2019 15:44:15 +0000 (-0400)
Subject: ext4: avoid drop reference to iloc.bh twice
X-Git-Tag: v5.2-rc1~137^2~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8c380ab4b7b59c0c602743810be1b712514eaebc;p=thirdparty%2Fkernel%2Flinux.git

ext4: avoid drop reference to iloc.bh twice

The reference to iloc.bh has been dropped in ext4_mark_iloc_dirty.
However, the reference is dropped again if error occurs during
ext4_handle_dirty_metadata, which may result in use-after-free bugs.

Fixes: fb265c9cb49e("ext4: add ext4_sb_bread() to disambiguate ENOMEM cases")
Signed-off-by: Pan Bian <bianpan2016@163.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Jan Kara <jack@suse.cz>
Cc: stable@kernel.org
---

diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
index e7ae26e36c9c1..4d5c0fc9d23a7 100644
--- a/fs/ext4/resize.c
+++ b/fs/ext4/resize.c
@@ -874,6 +874,7 @@ static int add_new_gdb(handle_t *handle, struct inode *inode,
 	err = ext4_handle_dirty_metadata(handle, NULL, gdb_bh);
 	if (unlikely(err)) {
 		ext4_std_error(sb, err);
+		iloc.bh = NULL;
 		goto errout;
 	}
 	brelse(dind);