On 2025/9/30 17:16, Haofeng Li wrote:
From: Haofeng Li <[email protected]>Fixes a memory leak issue in f2fs_move_inline_dirents() where the ifolio is not properly released in certain error paths. Problem Analysis: - In f2fs_try_convert_inline_dir(), ifolio is acquired via f2fs_get_inode_folio() - When do_convert_inline_dir() fails, the caller expects ifolio to be released - However, in f2fs_move_inline_dirents(), two specific error paths don't release ifolio Fixes: 201a05be9628a ("f2fs: add key function to handle inline dir") Signed-off-by: Haofeng Li <[email protected]> --- fs/f2fs/inline.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/fs/f2fs/inline.c b/fs/f2fs/inline.c index 58ac831ef704..2496866fc45d 100644 --- a/fs/f2fs/inline.c +++ b/fs/f2fs/inline.c @@ -425,7 +425,7 @@ static int f2fs_move_inline_dirents(struct inode *dir, struct folio *ifolio, set_new_dnode(&dn, dir, ifolio, NULL, 0); err = f2fs_reserve_block(&dn, 0);
f2fs_reserve_block() will call f2fs_put_dnode() in its error path, it has unlocked & released inode folio?
if (err) - goto out; + goto out_put_ifolio;if (unlikely(dn.data_blkaddr != NEW_ADDR)) {f2fs_put_dnode(&dn);
Ditto, or am I missing something? Thanks,
@@ -434,7 +434,7 @@ static int f2fs_move_inline_dirents(struct inode *dir, struct folio *ifolio, __func__, dir->i_ino, dn.data_blkaddr); f2fs_handle_error(F2FS_F_SB(folio), ERROR_INVALID_BLKADDR); err = -EFSCORRUPTED; - goto out; + goto out_put_ifolio; }f2fs_folio_wait_writeback(folio, DATA, true, true);@@ -479,6 +479,10 @@ static int f2fs_move_inline_dirents(struct inode *dir, struct folio *ifolio, out: f2fs_folio_put(folio, true); return err; + +out_put_ifolio: + f2fs_folio_put(ifolio, true); + goto out; }static int f2fs_add_inline_entries(struct inode *dir, void *inline_dentry)
_______________________________________________ Linux-f2fs-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
