ocfs2: fix handle refcount leak in two exception handling paths
authorChenyuan Mi <cymi20@fudan.edu.cn>
Fri, 5 Nov 2021 20:34:45 +0000 (13:34 -0700)
committerLinus Torvalds <torvalds@linux-foundation.org>
Sat, 6 Nov 2021 20:30:32 +0000 (13:30 -0700)
The reference counting issue happens in two exception handling paths of
ocfs2_replay_truncate_records().  When executing these two exception
handling paths, the function forgets to decrease the refcount of handle
increased by ocfs2_start_trans(), causing a refcount leak.

Fix this issue by using ocfs2_commit_trans() to decrease the refcount of
handle in two handling paths.

Link: https://lkml.kernel.org/r/20210908102055.10168-1-cymi20@fudan.edu.cn
Signed-off-by: Chenyuan Mi <cymi20@fudan.edu.cn>
Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Wengang Wang <wen.gang.wang@oracle.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Gang He <ghe@suse.com>
Cc: Jun Piao <piaojun@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
fs/ocfs2/alloc.c

index 5d9ae17bd443f209ce4098e1bc30ef737cfca9bd..1550f18be45110be7828fd0a789c648ba3c1e470 100644 (file)
@@ -5940,6 +5940,7 @@ static int ocfs2_replay_truncate_records(struct ocfs2_super *osb,
                status = ocfs2_journal_access_di(handle, INODE_CACHE(tl_inode), tl_bh,
                                                 OCFS2_JOURNAL_ACCESS_WRITE);
                if (status < 0) {
+                       ocfs2_commit_trans(osb, handle);
                        mlog_errno(status);
                        goto bail;
                }
@@ -5964,6 +5965,7 @@ static int ocfs2_replay_truncate_records(struct ocfs2_super *osb,
                                                     data_alloc_bh, start_blk,
                                                     num_clusters);
                        if (status < 0) {
+                               ocfs2_commit_trans(osb, handle);
                                mlog_errno(status);
                                goto bail;
                        }