Re: [PATCH] loop: fix backing file reference leak on validation error

From: Li Chen

Date: Mon Sep 29 2025 - 08:56:42 EST


Hi Yu,

---- On Mon, 29 Sep 2025 09:11:04 +0800 Yu Kuai <yukuai1@xxxxxxxxxxxxxxx> wrote ---
> Hi,
>
> On 2025/09/26 20:12, Li Chen wrote:
> > loop_change_fd() and loop_configure() call loop_check_backing_file()
> > to validate the new backing file. If validation fails, the reference
> > acquired by fget() was not dropped, leaking a file reference.
> >
> > Fix this by calling fput(file) before returning the error.
> >
> > Signed-off-by: Li Chen <chenl311@xxxxxxxxxxxxxxx>
> > ---
> > drivers/block/loop.c | 8 ++++++--
> > 1 file changed, 6 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/block/loop.c b/drivers/block/loop.c
> > index 053a086d547e..94ec7f747f36 100644
> > --- a/drivers/block/loop.c
> > +++ b/drivers/block/loop.c
> > @@ -551,8 +551,10 @@ static int loop_change_fd(struct loop_device *lo, struct block_device *bdev,
> > return -EBADF;
> >
> > error = loop_check_backing_file(file);
> > - if (error)
> > + if (error) {
> > + fput(file);
> > return error;
> > + }
> >
> > /* suppress uevents while reconfiguring the device */
> > dev_set_uevent_suppress(disk_to_dev(lo->lo_disk), 1);
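
Review bot: the fput(file) added inside the `if (error)` branch after loop_check_backing_file() open-codes the release at the return site, so any early return added later between the fget() and the point where the device takes over the file has to remember the same call. If loop_change_fd() already has an exit label that drops the file, jump to it from here; otherwise consider a dedicated label or a scope-based release so the drop lives in one place.
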
> > @@ -993,8 +995,10 @@ static int loop_configure(struct loop_device *lo, blk_mode_t mode,
> > return -EBADF;
> >
> > error = loop_check_backing_file(file);
> > - if (error)
> > + if (error) {
> > + fput(file);
> > return error;
> > + }
> >
> > is_loop = is_loop_device(file);
> >
> >
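
Review bot: the commit message has no Fixes: tag for the leak closed in this `if (error)` branch of loop_configure(), so stable maintainers cannot tell which kernels carry the unbalanced `return error`. Please name the commit that introduced the loop_check_backing_file() call without a matching fput() on failure, and say in the message whether both call sites came from that same change.
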
>
> The changes look correct, however, I'd prefer to change the error path
> to the reverse order and add a new error tag.

Thanks, but I will switch to scope-based resource management in v2, as suggested by Markus.

Regards,
Li
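
The leak described in the commit message and the scope-based alternative mentioned in the reply, as an added user-space example that is not code from the patch or from the kernel. `struct file_model`, `model_fget()`, `model_fput()`, `model_check()` and both `configure_*` functions are hypothetical stand-ins, and the compiler's `cleanup` attribute (GCC/Clang) is assumed.

```c
#include <errno.h>
#include <stddef.h>

/* Constructed model: a refcounted object standing in for a backing file. */
struct file_model { int refs; int valid; };

/* Hypothetical stand-ins for taking and dropping one reference. */
static struct file_model *model_fget(struct file_model *f) { if (f) f->refs++; return f; }
static void model_fput(struct file_model *f) { if (f) f->refs--; }
/* Stand-in for the validation step: 0 on success, negative errno on failure. */
static int model_check(const struct file_model *f) { return f->valid ? 0 : -EINVAL; }

/* "Before" shape: the early return on validation failure keeps the reference. */
int configure_leaky(struct file_model *backing)
{
    struct file_model *file = model_fget(backing);
    if (!file)
        return -EBADF;
    if (model_check(file))
        return -EINVAL;          /* reference is never dropped */
    return 0;                    /* success: the device keeps the reference */
}

/* Cleanup handler: runs whenever the annotated variable leaves scope. */
static void put_on_exit(struct file_model **fp) { model_fput(*fp); }

/* Scope-based shape: every return drops the reference unless it was handed off. */
int configure_scoped(struct file_model *backing, struct file_model **owner)
{
    struct file_model *file __attribute__((cleanup(put_on_exit))) = model_fget(backing);
    if (!file)
        return -EBADF;
    if (model_check(file))
        return -EINVAL;          /* put_on_exit() drops the reference here */
    *owner = file;               /* hand the reference to the long-lived owner */
    file = NULL;                 /* disarm the cleanup for the success path */
    return 0;
}

int main(void)
{
    struct file_model bad = { 0, 0 }, *owner = NULL;
    configure_leaky(&bad);       /* leaves one reference behind */
    int leaked = bad.refs;
    bad.refs = 0;
    configure_scoped(&bad, &owner);
    return (leaked == 1 && bad.refs == 0) ? 0 : 1;
}
```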