CVE-2021-47585

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> btrfs: fix memory leak in __add_inode_ref()<br /> <br /> Line 1169 (#3) allocates a memory chunk for victim_name by kmalloc(),<br /> but when the function returns in line 1184 (#4) victim_name allocated<br /> by line 1169 (#3) is not freed, which will lead to a memory leak.<br /> There is a similar snippet of code in this function as allocating a memory<br /> chunk for victim_name in line 1104 (#1) as well as releasing the memory<br /> in line 1116 (#2).<br /> <br /> We should kfree() victim_name when the return value of backref_in_log()<br /> is less than zero and before the function returns in line 1184 (#4).<br /> <br /> 1057 static inline int __add_inode_ref(struct btrfs_trans_handle *trans,<br /> 1058 struct btrfs_root *root,<br /> 1059 struct btrfs_path *path,<br /> 1060 struct btrfs_root *log_root,<br /> 1061 struct btrfs_inode *dir,<br /> 1062 struct btrfs_inode *inode,<br /> 1063 u64 inode_objectid, u64 parent_objectid,<br /> 1064 u64 ref_index, char *name, int namelen,<br /> 1065 int *search_done)<br /> 1066 {<br /> <br /> 1104 victim_name = kmalloc(victim_name_len, GFP_NOFS);<br /> // #1: kmalloc (victim_name-1)<br /> 1105 if (!victim_name)<br /> 1106 return -ENOMEM;<br /> <br /> 1112 ret = backref_in_log(log_root, &amp;search_key,<br /> 1113 parent_objectid, victim_name,<br /> 1114 victim_name_len);<br /> 1115 if (ret