This is a note to let you know that I've just added the patch titled ext4: fix possible leak of sbi->s_group_desc_leak in error path to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: ext4-fix-possible-leak-of-sbi-s_group_desc_leak-in-error-path.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 9e463084cdb22e0b56b2dfbc50461020409a5fd3 Mon Sep 17 00:00:00 2001 From: Theodore Ts'o <tytso@xxxxxxx> Date: Wed, 7 Nov 2018 10:32:53 -0500 Subject: ext4: fix possible leak of sbi->s_group_desc_leak in error path From: Theodore Ts'o <tytso@xxxxxxx> commit 9e463084cdb22e0b56b2dfbc50461020409a5fd3 upstream. Fixes: bfe0a5f47ada ("ext4: add more mount time checks of the superblock") Reported-by: Vasily Averin <vvs@xxxxxxxxxxxxx> Signed-off-by: Theodore Ts'o <tytso@xxxxxxx> Cc: stable@xxxxxxxxxx # 4.18 Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- fs/ext4/super.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -3897,6 +3897,14 @@ static int ext4_fill_super(struct super_ sbi->s_groups_count = blocks_count; sbi->s_blockfile_groups = min_t(ext4_group_t, sbi->s_groups_count, (EXT4_MAX_BLOCK_FILE_PHYS / EXT4_BLOCKS_PER_GROUP(sb))); + if (((u64)sbi->s_groups_count * sbi->s_inodes_per_group) != + le32_to_cpu(es->s_inodes_count)) { + ext4_msg(sb, KERN_ERR, "inodes count not valid: %u vs %llu", + le32_to_cpu(es->s_inodes_count), + ((u64)sbi->s_groups_count * sbi->s_inodes_per_group)); + ret = -EINVAL; + goto failed_mount; + } db_count = (sbi->s_groups_count + EXT4_DESC_PER_BLOCK(sb) - 1) / EXT4_DESC_PER_BLOCK(sb); if (ext4_has_feature_meta_bg(sb)) { @@ -3916,14 +3924,6 @@ static int ext4_fill_super(struct super_ ret = -ENOMEM; goto failed_mount; } - if (((u64)sbi->s_groups_count * sbi->s_inodes_per_group) != - le32_to_cpu(es->s_inodes_count)) { - ext4_msg(sb, KERN_ERR, "inodes count not valid: %u vs %llu", - le32_to_cpu(es->s_inodes_count), - ((u64)sbi->s_groups_count * sbi->s_inodes_per_group)); - ret = -EINVAL; - goto failed_mount; - } bgl_lock_init(sbi->s_blockgroup_lock); Patches currently in stable-queue which might be from tytso@xxxxxxx are queue-4.9/ext4-add-missing-brelse-add_new_gdb_meta_bg-s-error-path.patch queue-4.9/ext4-avoid-buffer-leak-in-ext4_orphan_add-after-prior-errors.patch queue-4.9/ext4-release-bs.bh-before-re-using-in-ext4_xattr_block_find.patch queue-4.9/ext4-fix-missing-cleanup-if-ext4_alloc_flex_bg_array-fails-while-resizing.patch queue-4.9/ext4-fix-buffer-leak-in-__ext4_read_dirblock-on-error-path.patch queue-4.9/ext4-fix-possible-inode-leak-in-the-retry-loop-of-ext4_resize_fs.patch queue-4.9/ext4-fix-possible-leak-of-sbi-s_group_desc_leak-in-error-path.patch queue-4.9/ext4-add-missing-brelse-in-set_flexbg_block_bitmap-s-error-path.patch queue-4.9/ext4-fix-buffer-leak-in-ext4_xattr_move_to_block-on-error-path.patch queue-4.9/ext4-avoid-potential-extra-brelse-in-setup_new_flex_group_blocks.patch queue-4.9/ext4-add-missing-brelse-update_backups-s-error-path.patch queue-4.9/ext4-avoid-possible-double-brelse-in-add_new_gdb-on-error-path.patch queue-4.9/ext4-fix-possible-leak-of-s_journal_flag_rwsem-in-error-path.patch