This is a note to let you know that I've just added the patch titled

    btrfs: fix double iput() on inode after an error during orphan cleanup

to the 6.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
    btrfs-fix-double-iput-on-inode-after-an-error-during-orphan-cleanup.patch
and it can be found in the queue-6.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.

From b777d279ff31979add57e8a3f810bceb7ef0cfb7 Mon Sep 17 00:00:00 2001
From: Filipe Manana <fdmanana@xxxxxxxx>
Date: Mon, 3 Jul 2023 18:15:30 +0100
Subject: btrfs: fix double iput() on inode after an error during orphan cleanup

From: Filipe Manana <fdmanana@xxxxxxxx>

commit b777d279ff31979add57e8a3f810bceb7ef0cfb7 upstream.

At btrfs_orphan_cleanup(), if we were able to find the inode, we do an
iput() on the inode, then if btrfs_drop_verity_items() succeeds and then
either btrfs_start_transaction() or btrfs_del_orphan_item() fail, we do
another iput() in the respective error paths, resulting in an extra iput()
on the inode.

Fix this by setting inode to NULL after the first iput(), as iput()
ignores a NULL inode pointer argument.

Fixes: a13bb2c03848 ("btrfs: add missing iputs on orphan cleanup failure")
CC: stable@xxxxxxxxxxxxxxx # 6.4
Reviewed-by: Boris Burkov <boris@xxxxxx>
Signed-off-by: Filipe Manana <fdmanana@xxxxxxxx>
Signed-off-by: David Sterba <dsterba@xxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 fs/btrfs/inode.c | 1 +
 1 file changed, 1 insertion(+)

--- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c
@@ -3618,6 +3618,7 @@ int btrfs_orphan_cleanup(struct btrfs_ro if (inode) { ret = btrfs_drop_verity_items(BTRFS_I(inode)); iput(inode); + inode = NULL; if (ret) goto out; }

Patches currently in stable-queue which might be from fdmanana@xxxxxxxx are

queue-6.4/btrfs-zoned-fix-memory-leak-after-finding-block-group-with-super-blocks.patch
queue-6.4/btrfs-fix-double-iput-on-inode-after-an-error-during-orphan-cleanup.patch
queue-6.4/btrfs-fix-warning-when-putting-transaction-with-qgroups-enabled-after-abort.patch
queue-6.4/btrfs-fix-iput-on-error-pointer-after-error-during-orphan-cleanup.patch
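Review bot: The added `inode = NULL;` directly after `iput(inode);` has no comment, so the reason for it lives only in the commit message: the later error paths for btrfs_start_transaction() and btrfs_del_orphan_item() call iput() again and depend on it ignoring a NULL pointer. A one-line comment at the assignment saying that the reference is already dropped and that later error paths must see NULL would keep a future cleanup from removing the line as dead code and reintroducing the extra iput(). It would also be worth stating in the changelog whether `inode` is read anywhere after this block for a purpose other than iput(), since any such use would now see NULL; the hunk itself only shows the `if (ret) goto out;` that follows.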