diff options
| author | Naohiro Aota <naohiro.aota@wdc.com> | 2017-08-25 01:15:14 -0400 |
|---|---|---|
| committer | David Sterba <dsterba@suse.com> | 2017-09-26 08:51:49 -0400 |
| commit | bb166d7207432d3c7d10c45dc052f12ba3a2121d (patch) | |
| tree | beee530f91be31d9ad02c62224711652ddbb9b49 | |
| parent | 67c003f90fd68062d92a7ffade36f9b2a9098bd8 (diff) | |
btrfs: fix NULL pointer dereference from free_reloc_roots()
__del_reloc_root should be called before freeing up reloc_root->node.
If not, calling __del_reloc_root() dereference reloc_root->node, causing
the system BUG.
Fixes: 6bdf131fac23 ("Btrfs: don't leak reloc root nodes on error")
Cc: <stable@vger.kernel.org> # 4.9
Signed-off-by: Naohiro Aota <naohiro.aota@wdc.com>
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
| -rw-r--r-- | fs/btrfs/relocation.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c index 3a49a3c2fca4..9841faef08ea 100644 --- a/fs/btrfs/relocation.c +++ b/fs/btrfs/relocation.c | |||
| @@ -2400,11 +2400,11 @@ void free_reloc_roots(struct list_head *list) | |||
| 2400 | while (!list_empty(list)) { | 2400 | while (!list_empty(list)) { |
| 2401 | reloc_root = list_entry(list->next, struct btrfs_root, | 2401 | reloc_root = list_entry(list->next, struct btrfs_root, |
| 2402 | root_list); | 2402 | root_list); |
| 2403 | __del_reloc_root(reloc_root); | ||
| 2403 | free_extent_buffer(reloc_root->node); | 2404 | free_extent_buffer(reloc_root->node); |
| 2404 | free_extent_buffer(reloc_root->commit_root); | 2405 | free_extent_buffer(reloc_root->commit_root); |
| 2405 | reloc_root->node = NULL; | 2406 | reloc_root->node = NULL; |
| 2406 | reloc_root->commit_root = NULL; | 2407 | reloc_root->commit_root = NULL; |
| 2407 | __del_reloc_root(reloc_root); | ||
| 2408 | } | 2408 | } |
| 2409 | } | 2409 | } |
| 2410 | 2410 | ||