f2fs: fix fsync_inode list addition logic and avoid invalid access to memory

In function find_fsync_dnodes() - the fsync inodes gets added to the list, but
in one path suppose f2fs_iget results in error, in such case - error gets added
to the fsync inode list.
In next call to recover_data()->get_fsync_inode()
entry = list_entry(this, struct fsync_inode_entry, list);
                if (entry->inode->i_ino == ino)
This can result in "invalid access to memory" when it encounters 'error' as
entry in the fsync inode list.
So, add the fsync inode entry to the list only in case of no errors.
And, free the object at that point itself in case of issue.

Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Amit Sahrawat <a.sahrawat@samsung.com>
Signed-off-by: Jaegeuk Kim <jaegeuk.kim@samsung.com>

1 files changed, 4 insertions, 3 deletions

diff --git a/fs/f2fs/recovery.c b/fs/f2fs/recovery.c
index 207e2c865c7e..b571fee677d5 100644
--- a/fs/f2fs/recovery.c
+++ b/fs/f2fs/recovery.c
@@ -144,14 +144,15 @@ static int find_fsync_dnodes(struct f2fs_sb_info *sbi, struct list_head *head)
                                 goto out;
                         }
 
-                        INIT_LIST_HEAD(&entry->list);
-                        list_add_tail(&entry->list, head);
-
                         entry->inode = f2fs_iget(sbi->sb, ino_of_node(page));
                         if (IS_ERR(entry->inode)) {
                                 err = PTR_ERR(entry->inode);
+                                kmem_cache_free(fsync_entry_slab, entry);
                                 goto out;
                         }
+
+                        INIT_LIST_HEAD(&entry->list);
+                        list_add_tail(&entry->list, head);
                         entry->blkaddr = blkaddr;
                 }
                 if (IS_INODE(page)) {