Btrfs: avoid double free of fs_info->qgroup_ulist

When btrfs_read_qgroup_config or btrfs_quota_enable return non-zero, we've already freed the fs_info->qgroup_ulist. The final btrfs_free_qgroup_config called from quota_disable makes another ulist_free(fs_info->qgroup_ulist) call. We set fs_info->qgroup_ulist to NULL on the mentioned error paths, turning the ulist_free in btrfs_free_qgroup_config into a noop. Cc: Wang Shilong <wangsl-fnst@cn.fujitsu.com> Signed-off-by: N Jan Schmidt <list.btrfs@jan-o-sch.net> Signed-off-by: N Josef Bacik <jbacik@fusionio.com>

Btrfs: avoid double free of fs_info->qgroup_ulist
When btrfs_read_qgroup_config or btrfs_quota_enable return non-zero, we've already freed the fs_info->qgroup_ulist. The final btrfs_free_qgroup_config called from quota_disable makes another ulist_free(fs_info->qgroup_ulist) call. We set fs_info->qgroup_ulist to NULL on the mentioned error paths, turning the ulist_free in btrfs_free_qgroup_config into a noop. Cc: Wang Shilong <wangsl-fnst@cn.fujitsu.com> Signed-off-by: N Jan Schmidt <list.btrfs@jan-o-sch.net> Signed-off-by: N Josef Bacik <jbacik@fusionio.com>
eb1716af · Jan Schmidt · Josef Bacik · 4373519d · eb1716af
显示空白变更内容
内联并排

Showing with 6 addition and 2 deletion

fs/btrfs/qgroup.c fs/btrfs/qgroup.c +6 -2

未找到文件。
--- a/fs/btrfs/qgroup.c
+++ b/fs/btrfs/qgroup.c
@@ -430,8 +430,10 @@ int btrfs_read_qgroup_config(struct btrfs_fs_info *fs_info)
 	}
 	btrfs_free_path(path);
-	if (ret < 0)
+	if (ret < 0) {
 		ulist_free(fs_info->qgroup_ulist);
+		fs_info->qgroup_ulist = NULL;
+	}
 	return ret < 0 ? ret : 0;
 }
@@ -932,8 +934,10 @@ int btrfs_quota_enable(struct btrfs_trans_handle *trans,
 		kfree(quota_root);
 	}
 out:
-	if (ret)
+	if (ret) {
 		ulist_free(fs_info->qgroup_ulist);
+		fs_info->qgroup_ulist = NULL;
+	}
 	mutex_unlock(&fs_info->qgroup_ioctl_lock);
 	return ret;
 }