Re: [PATCH 1/2] xfs: fix inode ref leak in attr intent recovery
From: Yingjie Gao
Date: Tue Jun 09 2026 - 21:55:13 EST
On 2026/6/9 22:57, Darrick J. Wong wrote:
> On Tue, Jun 09, 2026 at 07:16:18PM +0800, Yingjie Gao wrote:
>> xfs_attri_recover_work() grabs the target inode, attaches it to the
>> reconstructed attr work item, and adds that work item to the defer
>> pending list.
>>
>> If xfs_attr_recover_work() fails to allocate the recovery transaction,
>> it returns immediately without dropping the inode reference. The later
>> cancel path only frees the attr work item state, so the inode reference
>> leaks.
>>
>> Release the inode before returning the transaction allocation failure.
>>
>> Fixes: e70fb328d527 ("xfs: recreate work items when recovering intent items")
>> Cc: <stable@xxxxxxxxxxxxxxx> # v6.8
>> Signed-off-by: Yingjie Gao <gaoyingjie@xxxxxxxxxxxxx>
>> ---
>> fs/xfs/xfs_attr_item.c | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c
>> index deab14f31b38..c3d96c7a5bca 100644
>> --- a/fs/xfs/xfs_attr_item.c
>> +++ b/fs/xfs/xfs_attr_item.c
>> @@ -773,8 +773,10 @@ xfs_attr_recover_work(
>> }
>> resv = xlog_recover_resv(&resv);
>> error = xfs_trans_alloc(mp, &resv, total, 0, XFS_TRANS_RESERVE, &tp);
>> - if (error)
>> + if (error) {
>> + xfs_irele(ip);
>
> Seems fine but I wonder why you don't just add an out_rele label on the
> line above the existing xfs_irele() call and make this goto there?
>
> --D
>
Good point, I'll update the patch and send a v2.
Thanks for the review.
--
Yingjie
>> return error;
>> + }
>> args->trans = tp;
>>
>> xfs_ilock(ip, XFS_ILOCK_EXCL);
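Review bot: In the new `if (error)` branch after xfs_trans_alloc(), the inode is released while the reconstructed attr work item that the commit message says it was attached to stays on the defer pending list, so the work item keeps a pointer to an inode it no longer holds a reference on. The commit message states that the cancel path only frees the attr work item state; it would be worth saying explicitly, there or in a short comment at this branch, that nothing on that path touches the inode after xfs_irele(ip). Since this adds a second release site in the function, routing the failure through a single exit label next to the existing xfs_irele() call, as the reply suggests, would also keep any error return added later between the allocation and that call from skipping the release.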
>> --
>> 2.20.1
>>
>>
>