Re: [PATCH 1/2] xfs: fix inode ref leak in attr intent recovery

Next message: Harrison Vanderbyl: "[PATCH v4 1/1] arm64: dts: qcom: Add Microsoft Surface Pro 12in"
Previous message: Markus Probst: "Re: [PATCH RESEND v2 1/2] serial: earlycon: add uart_clk_freq parameter"
In reply to: Yingjie Gao: "[PATCH 1/2] xfs: fix inode ref leak in attr intent recovery"
Next in thread: Yingjie Gao: "Re: [PATCH 1/2] xfs: fix inode ref leak in attr intent recovery"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Darrick J. Wong

Date: Tue Jun 09 2026 - 11:13:09 EST

On Tue, Jun 09, 2026 at 07:16:18PM +0800, Yingjie Gao wrote:
> xfs_attri_recover_work() grabs the target inode, attaches it to the
> reconstructed attr work item, and adds that work item to the defer
> pending list.
>
> If xfs_attr_recover_work() fails to allocate the recovery transaction,
> it returns immediately without dropping the inode reference. The later
> cancel path only frees the attr work item state, so the inode reference
> leaks.
>
> Release the inode before returning the transaction allocation failure.
>
> Fixes: e70fb328d527 ("xfs: recreate work items when recovering intent items")
> Cc: <stable@xxxxxxxxxxxxxxx> # v6.8
> Signed-off-by: Yingjie Gao <gaoyingjie@xxxxxxxxxxxxx>
> ---
> fs/xfs/xfs_attr_item.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/fs/xfs/xfs_attr_item.c b/fs/xfs/xfs_attr_item.c
> index deab14f31b38..c3d96c7a5bca 100644
> --- a/fs/xfs/xfs_attr_item.c
> +++ b/fs/xfs/xfs_attr_item.c
> @@ -773,8 +773,10 @@ xfs_attr_recover_work(
> }
> resv = xlog_recover_resv(&resv);
> error = xfs_trans_alloc(mp, &resv, total, 0, XFS_TRANS_RESERVE, &tp);
> - if (error)
> + if (error) {
> + xfs_irele(ip);

Seems fine but I wonder why you don't just add an out_rele label on the
line above the existing xfs_irele() call and make this goto there?

--D

> return error;
> + }
> args->trans = tp;
>
> xfs_ilock(ip, XFS_ILOCK_EXCL);
> --
> 2.20.1
>
>