Re: [PATCH v2 1/2] xfs: fix inode ref leak in attr intent recovery
From: Darrick J. Wong
Date: Wed Jun 10 2026 - 01:00:49 EST
On Wed, Jun 10, 2026 at 10:20:27AM +0800, Yingjie Gao wrote:
> xfs_attri_recover_work() grabs the target inode, attaches it to the
> reconstructed attr work item, and adds that work item to the defer
> pending list.
>
> If xfs_attr_recover_work() fails to allocate the recovery transaction,
> it returns immediately without dropping the inode reference. The later
> cancel path only frees the attr work item state, so the inode reference
> leaks.
>
> Send the failure through the existing cleanup path so the inode
> reference is dropped before the function returns the error.
>
> Fixes: e70fb328d527 ("xfs: recreate work items when recovering intent items")
> Cc: <stable@xxxxxxxxxxxxxxx> # v6.8
> Signed-off-by: Yingjie Gao <gaoyingjie@xxxxxxxxxxxxx>
Looks good,
Reviewed-by: "Darrick J. Wong" <djwong@xxxxxxxxxx>
--D
> ---
> fs/xfs/xfs_attr_item.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c
> index deab14f31b38..841838bc1d0f 100644
> --- a/fs/xfs/xfs_attr_item.c
> +++ b/fs/xfs/xfs_attr_item.c
> @@ -774,7 +774,7 @@ xfs_attr_recover_work(
> resv = xlog_recover_resv(&resv);
> error = xfs_trans_alloc(mp, &resv, total, 0, XFS_TRANS_RESERVE, &tp);
> if (error)
> - return error;
> + goto out_rele;
> args->trans = tp;
>
> xfs_ilock(ip, XFS_ILOCK_EXCL);
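Review bot: The `goto out_rele;` on the xfs_trans_alloc() failure path runs before `xfs_ilock(ip, XFS_ILOCK_EXCL)`, so it is only correct while out_rele stays below the xfs_iunlock() call. A one-line comment at the goto saying that only the inode reference is held at this point (no transaction, no ILOCK) would keep a later edit from retargeting it to out_unlock or out_cancel.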
> @@ -791,6 +791,7 @@ xfs_attr_recover_work(
> error = xfs_defer_ops_capture_and_commit(tp, capture_list);
> out_unlock:
> xfs_iunlock(ip, XFS_ILOCK_EXCL);
> +out_rele:
> xfs_irele(ip);
> return error;
> out_cancel:
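Review bot: The new `out_rele:` label sits between xfs_iunlock() and xfs_irele(), so out_unlock falls through into it in the right order, but the out_cancel block that follows `return error;` is not visible in this hunk. Please confirm that out_cancel still unwinds through out_unlock rather than out_rele, so that paths taken after xfs_ilock() drop the lock before the inode reference is released.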
> --
> 2.20.1
>
>