From: Baokun Li <libaokun1@huawei.com> stable inclusion from stable-v6.6.129 commit c24ce099bea95350633d8117cedd3344b894a064 category: bugfix bugzilla: https://atomgit.com/src-openeuler/kernel/issues/15219 CVE: CVE-2026-45899 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=t... -------------------------------- [ Upstream commit 8d5ad7b08f9234bc92b9567cfe52e521df5f6626 ] The use of path and ppath is now very confusing, so to make the code more readable, pass path between functions uniformly, and get rid of ppath. To get rid of the ppath in ext4_convert_unwritten_extents_endio(), the following is done here: * Free the extents path when an error is encountered. * Its caller needs to update ppath if it uses ppath. No functional changes. Signed-off-by: Baokun Li <libaokun1@huawei.com> Reviewed-by: Jan Kara <jack@suse.cz> Reviewed-by: Ojaswin Mujoo <ojaswin@linux.ibm.com> Tested-by: Ojaswin Mujoo <ojaswin@linux.ibm.com> Link: https://patch.msgid.link/20240822023545.1994557-20-libaokun@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso@mit.edu> Stable-dep-of: feaf2a80e78f ("ext4: don't set EXT4_GET_BLOCKS_CONVERT when splitting before submitting I/O") Signed-off-by: Sasha Levin <sashal@kernel.org> Conflicts: fs/ext4/extents.c [merged 5a526eb15037 ("ext4: use reserved metadata blocks when splitting extent on endio")] Signed-off-by: Long Li <leo.lilong@huawei.com> --- fs/ext4/extents.c | 43 +++++++++++++++++++++++-------------------- 1 file changed, 23 insertions(+), 20 deletions(-) diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c index 5e8a45fc8672..f67aa7ab2c80 100644 --- a/fs/ext4/extents.c +++ b/fs/ext4/extents.c @@ -3800,12 +3800,11 @@ static struct ext4_ext_path *ext4_split_convert_extents(handle_t *handle, allocated); } -static int ext4_convert_unwritten_extents_endio(handle_t *handle, - struct inode *inode, - struct ext4_map_blocks *map, - struct ext4_ext_path **ppath) +static struct ext4_ext_path * +ext4_convert_unwritten_extents_endio(handle_t *handle, struct inode *inode, + struct ext4_map_blocks *map, + struct ext4_ext_path *path) { - struct ext4_ext_path *path = *ppath; struct ext4_extent *ex; ext4_lblk_t ee_block; unsigned int ee_len; @@ -3841,24 +3840,19 @@ static int ext4_convert_unwritten_extents_endio(handle_t *handle, path = ext4_split_convert_extents(handle, inode, map, path, EXT4_GET_BLOCKS_CONVERT | EXT4_GET_BLOCKS_METADATA_NOFAIL, NULL); - if (IS_ERR(path)) { - *ppath = NULL; - return PTR_ERR(path); - } + if (IS_ERR(path)) + return path; path = ext4_find_extent(inode, map->m_lblk, path, 0); - if (IS_ERR(path)) { - *ppath = NULL; - return PTR_ERR(path); - } - *ppath = path; + if (IS_ERR(path)) + return path; depth = ext_depth(inode); ex = path[depth].p_ext; } err = ext4_ext_get_access(handle, inode, path + depth); if (err) - goto out; + goto errout; /* first mark the extent as initialized */ ext4_ext_mark_initialized(ex); @@ -3869,9 +3863,15 @@ static int ext4_convert_unwritten_extents_endio(handle_t *handle, /* Mark modified extent as dirty */ err = ext4_ext_dirty(handle, inode, path + path->p_depth); -out: + if (err) + goto errout; + ext4_ext_show_leaf(inode, path); - return err; + return path; + +errout: + ext4_free_ext_path(path); + return ERR_PTR(err); } static int @@ -3999,10 +3999,13 @@ ext4_ext_handle_unwritten_extents(handle_t *handle, struct inode *inode, } /* IO end_io complete, convert the filled extent to written */ if (flags & EXT4_GET_BLOCKS_CONVERT) { - err = ext4_convert_unwritten_extents_endio(handle, inode, map, - ppath); - if (err < 0) + *ppath = ext4_convert_unwritten_extents_endio(handle, inode, + map, *ppath); + if (IS_ERR(*ppath)) { + err = PTR_ERR(*ppath); + *ppath = NULL; goto out2; + } ext4_update_inode_fsync_trans(handle, inode, 1); goto map_out; } -- 2.52.0