From: Zhang Yi <yi.zhang@huawei.com> stable inclusion from stable-v5.10.252 commit 6e54f8dfee359bbd58086c883ea8cffd5312999d category: bugfix bugzilla: https://atomgit.com/src-openeuler/kernel/issues/15219 CVE: CVE-2026-45899 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=t... -------------------------------- [ Upstream commit 79b592e8f1b435796cbc2722190368e3e8ffd7a1 ] When the split extent fails, we might leave some extents still being processed and return an error directly, which will result in stale extent entries remaining in the extent status tree. So drop all of the remaining potentially stale extents if the splitting fails. Signed-off-by: Zhang Yi <yi.zhang@huawei.com> Reviewed-by: Baokun Li <libaokun1@huawei.com> Cc: stable@kernel.org Reviewed-by: Ojaswin Mujoo <ojaswin@linux.ibm.com> Message-ID: <20251129103247.686136-8-yi.zhang@huaweicloud.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu> [ bring error handling pattern closer to upstream ] Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Conflicts: fs/ext4/extents.c [Previous commit 56531f4ad4569939ee9e900ac32fcdcabf8f11a4 ("ext4:record error information when insert extent failed in 'ext4_split_extent_at") adds a log message in the fail path.] Signed-off-by: Yifan Qiao <qiaoyifan4@huawei.com> Signed-off-by: Long Li <leo.lilong@huawei.com> --- fs/ext4/extents.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c index 6b438d015903..bc3bebadaa2a 100644 --- a/fs/ext4/extents.c +++ b/fs/ext4/extents.c @@ -3274,13 +3274,14 @@ static int ext4_split_extent_at(handle_t *handle, ext4_ext_mark_unwritten(ex2); err = ext4_ext_insert_extent(handle, inode, ppath, &newex, flags); - if (err != -ENOSPC && err != -EDQUOT && err != -ENOMEM) { - if (err) - EXT4_ERROR_INODE_ERR(inode, -err, - "insert extent failed block = %d len = %d", - ex2->ee_block, ex2->ee_len); - goto out; + if (err && err != -ENOSPC && err != -EDQUOT && err != -ENOMEM) { + EXT4_ERROR_INODE_ERR(inode, -err, + "insert extent failed block = %d len = %d", + ex2->ee_block, ex2->ee_len); + goto out_err; } + if (!err) + goto out; /* * Update path is required because previous ext4_ext_insert_extent() @@ -3295,7 +3296,8 @@ static int ext4_split_extent_at(handle_t *handle, if (IS_ERR(path)) { EXT4_ERROR_INODE(inode, "Failed split extent on %u, err %ld", split, PTR_ERR(path)); - return PTR_ERR(path); + err = PTR_ERR(path); + goto out_err; } depth = ext_depth(inode); ex = path[depth].p_ext; @@ -3351,6 +3353,9 @@ static int ext4_split_extent_at(handle_t *handle, */ ext4_ext_dirty(handle, inode, path + path->p_depth); return err; +out_err: + /* Remove all remaining potentially stale extents. */ + ext4_es_remove_extent(inode, ee_block, ee_len); out: ext4_ext_show_leaf(inode, *ppath); return err; -- 2.52.0