fs/ext4/extents.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
In ext4_ext_shift_extents(), if the extent is NULL in the while loop, the
function returns immediately without releasing the path obtained via
ext4_find_extent(), leading to a memory leak.
Fix this by jumping to the out label to ensure the path is properly
released.
Fixes: a18ed359bdddc ("ext4: always check ext4_ext_find_extent result")
Signed-off-by: Zilin Guan <zilin@seu.edu.cn>
---
fs/ext4/extents.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
index 2cf5759ba689..1d21943a09b0 100644
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -5375,7 +5375,8 @@ ext4_ext_shift_extents(struct inode *inode, handle_t *handle,
if (!extent) {
EXT4_ERROR_INODE(inode, "unexpected hole at %lu",
(unsigned long) *iterator);
- return -EFSCORRUPTED;
+ ret = -EFSCORRUPTED;
+ goto out;
}
if (SHIFT == SHIFT_LEFT && *iterator >
le32_to_cpu(extent->ee_block)) {
--
2.34.1
On Thu, 25 Dec 2025 08:48:00 +0000, Zilin Guan wrote:
> In ext4_ext_shift_extents(), if the extent is NULL in the while loop, the
> function returns immediately without releasing the path obtained via
> ext4_find_extent(), leading to a memory leak.
>
> Fix this by jumping to the out label to ensure the path is properly
> released.
>
> [...]
Applied, thanks!
[1/1] ext4: Fix memory leak in ext4_ext_shift_extents()
commit: ca81109d4a8f192dc1cbad4a1ee25246363c2833
Best regards,
--
Theodore Ts'o <tytso@mit.edu>
On 12/25/2025 4:48 PM, Zilin Guan wrote:
> In ext4_ext_shift_extents(), if the extent is NULL in the while loop, the
> function returns immediately without releasing the path obtained via
> ext4_find_extent(), leading to a memory leak.
>
> Fix this by jumping to the out label to ensure the path is properly
> released.
>
> Fixes: a18ed359bdddc ("ext4: always check ext4_ext_find_extent result")
> Signed-off-by: Zilin Guan <zilin@seu.edu.cn>
Looks good to me.
Reviewed-by: Zhang Yi <yi.zhang@huawei.com>
> ---
> fs/ext4/extents.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
> index 2cf5759ba689..1d21943a09b0 100644
> --- a/fs/ext4/extents.c
> +++ b/fs/ext4/extents.c
> @@ -5375,7 +5375,8 @@ ext4_ext_shift_extents(struct inode *inode, handle_t *handle,
> if (!extent) {
> EXT4_ERROR_INODE(inode, "unexpected hole at %lu",
> (unsigned long) *iterator);
> - return -EFSCORRUPTED;
> + ret = -EFSCORRUPTED;
> + goto out;
> }
> if (SHIFT == SHIFT_LEFT && *iterator >
> le32_to_cpu(extent->ee_block)) {
On 2025-12-25 16:48, Zilin Guan wrote:
> In ext4_ext_shift_extents(), if the extent is NULL in the while loop, the
> function returns immediately without releasing the path obtained via
> ext4_find_extent(), leading to a memory leak.
>
> Fix this by jumping to the out label to ensure the path is properly
> released.
>
> Fixes: a18ed359bdddc ("ext4: always check ext4_ext_find_extent result")
> Signed-off-by: Zilin Guan <zilin@seu.edu.cn>
Nice catch! The patch looks good so feel free to add:
Reviewed-by: Baokun Li <libaokun1@huawei.com>
> ---
> fs/ext4/extents.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
> index 2cf5759ba689..1d21943a09b0 100644
> --- a/fs/ext4/extents.c
> +++ b/fs/ext4/extents.c
> @@ -5375,7 +5375,8 @@ ext4_ext_shift_extents(struct inode *inode, handle_t *handle,
> if (!extent) {
> EXT4_ERROR_INODE(inode, "unexpected hole at %lu",
> (unsigned long) *iterator);
> - return -EFSCORRUPTED;
> + ret = -EFSCORRUPTED;
> + goto out;
> }
> if (SHIFT == SHIFT_LEFT && *iterator >
> le32_to_cpu(extent->ee_block)) {
© 2016 - 2026 Red Hat, Inc.