ext4: avoid potential buffer_head leak in __ext4_new_inode()

[ Upstream commit 227d31b9214d1b9513383cf6c7180628d4b3b61f ]

If a group is marked EXT4_GROUP_INFO_IBITMAP_CORRUPT after it's inode
bitmap buffer_head was successfully verified, then __ext4_new_inode()
will get a valid inode_bitmap_bh of a corrupted group from
ext4_read_inode_bitmap() in which case inode_bitmap_bh misses a release.
Hnadle "IS_ERR(inode_bitmap_bh)" and group corruption separately like
how ext4_free_inode() does to avoid buffer_head leak.

Fixes: 9008a58e5dce ("ext4: make the bitmap read routines return real error codes")
Signed-off-by: Kemeng Shi <shikemeng@huaweicloud.com>
Link: https://patch.msgid.link/20240820132234.2759926-3-shikemeng@huaweicloud.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c
index bf14450da35f424a0c5c1cf1a62d1ec31151405d..de04f4400d9264435a7ebd495ce49719b1b1af60 100644 (file)
--- a/fs/ext4/ialloc.c
+++ b/fs/ext4/ialloc.c
@@ -1054,12 +1054,13 @@ got_group:
                brelse(inode_bitmap_bh);
                inode_bitmap_bh = ext4_read_inode_bitmap(sb, group);
                /* Skip groups with suspicious inode tables */
-               if (((!(sbi->s_mount_state & EXT4_FC_REPLAY))
-                    && EXT4_MB_GRP_IBITMAP_CORRUPT(grp)) ||
-                   IS_ERR(inode_bitmap_bh)) {
+               if (IS_ERR(inode_bitmap_bh)) {
                        inode_bitmap_bh = NULL;
                        goto next_group;
                }
+               if (!(sbi->s_mount_state & EXT4_FC_REPLAY) &&
+                   EXT4_MB_GRP_IBITMAP_CORRUPT(grp))
+                       goto next_group;
 
 repeat_in_this_group:
                ret2 = find_inode_bit(sb, group, inode_bitmap_bh, &ino);