author | Qinghuang Feng <qhfeng.kernel@gmail.com> | 2009-01-21 10:49:16 -0500 |
---|---|---|
committer | Chris Mason <chris.mason@oracle.com> | 2009-01-21 10:49:16 -0500 |
commit | 7e6628544abad773222d8b177f738ac2db1859de (patch) | |
tree | b1bdb87b850ed4639f45b1ca10d739f90e186646 /fs/btrfs/disk-io.c | |
parent | 86288a198d8e4e8411ff02f9ab848245e8f11257 (diff) |
Btrfs: open_ctree() error handling can oops on fs_info
a bug in open_ctree:
struct btrfs_root *open_ctree(..)
{
....
if (!extent_root || !tree_root || !fs_info ||
!chunk_root || !dev_root || !csum_root) {
err = -ENOMEM;
goto fail;
//When code flow goes to "fail", fs_info may be NULL or uninitialized.
}
....
fail:
btrfs_close_devices(fs_info->fs_devices);// !
btrfs_mapping_tree_free(&fs_info->mapping_tree);// !
kfree(extent_root);
kfree(tree_root);
bdi_destroy(&fs_info->bdi);// !
...
)
Signed-off-by: Qinghuang Feng <qhfeng.kernel@gmail.com>
Signed-off-by: Chris Mason <chris.mason@oracle.com>
Diffstat (limited to 'fs/btrfs/disk-io.c')
-rw-r--r-- | fs/btrfs/disk-io.c | 5 |
1 files changed, 3 insertions, 2 deletions
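--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -1823,13 +1823,14 @@ fail_sb_buffer:
 fail_iput:
 invalidate_inode_pages2(fs_info->btree_inode->i_mapping);
 iput(fs_info->btree_inode);
-fail:
+
 btrfs_close_devices(fs_info->fs_devices);
 btrfs_mapping_tree_free(&fs_info->mapping_tree);
+bdi_destroy(&fs_info->bdi);
 
+fail:
 kfree(extent_root);
 kfree(tree_root);
-bdi_destroy(&fs_info->bdi);
 kfree(fs_info);
 kfree(chunk_root);
 kfree(dev_root);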
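Review bot: Moving the `fail:` label below the teardown calls changes what every `goto fail` in open_ctree() does, not only the allocation-failure jump quoted in the description, so any other jump to `fail` taken after fs_info->fs_devices, the mapping tree or the bdi were set up would now skip btrfs_close_devices(), btrfs_mapping_tree_free() and bdi_destroy() and leak them. Those call sites are outside this hunk (the function starts and ends beyond it), so they should be audited and any later failure pointed at a label placed before those three calls. The new contract is worth stating at the label, e.g. `/* fail: fs_info may be NULL here; only kfree() the root allocations, never dereference fs_info */`. The description's allocation check also covers csum_root, but no `kfree(csum_root)` appears among the visible frees; if it is not freed after the hunk's last line, that allocation leaks on this path.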