[Devel] [PATCH RHEL9 COMMIT] ext4: Check alloc_file() results in ext4_open_balloon()

[Konstantin Khorenko]

The commit is pushed to "branch-rh9-5.14.vz9.1.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh9-5.14.0-4.vz9.10.26
------>
commit 9bb0ddeaa10ce3f25635e36256044eb7962da5dc
Author: Kirill Tkhai <ktkhai at virtuozzo.com>
Date:   Thu Oct 28 15:38:06 2021 +0000

    ext4: Check alloc_file() results in ext4_open_balloon()
    
    Check for pointer validity before its dereference.
    
    Reported-by: Alexander Mikhalitsyn <alexander.mikhalitsyn at virtuozzo.com>
    Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
---
 fs/ext4/ioctl.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c
index 0bac68174793..845a81b07f77 100644
--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c
@@ -853,7 +853,7 @@ static int ext4_ioctl_checkpoint(struct file *filp, unsigned long arg)
 static int ext4_open_balloon(struct super_block *sb, struct vfsmount *mnt)
 {
 	struct inode *balloon_ino;
-	int err, fd;
+	int err, fd, ro;
 	struct file *filp;
 	struct dentry *de;
 	struct path path;
@@ -876,13 +876,13 @@ static int ext4_open_balloon(struct super_block *sb, struct vfsmount *mnt)
 
 	path.dentry = de;
 	path.mnt = mntget(mnt);
-	err = mnt_want_write(path.mnt);
-	if (err)
+	ro = mnt_want_write(path.mnt);
+	if (ro)
 		mode = O_RDONLY;
 	else
 		mode = O_RDWR;
 	filp = alloc_file(&path, mode, &ext4_file_operations);
-	if (filp->f_mode & FMODE_WRITE)
+	if (!ro)
 		mnt_drop_write(path.mnt);
 	if (IS_ERR(filp)) {
 		err = PTR_ERR(filp);