Re: [PATCH] btrfs: fix NULL pointer dereference from free_reloc_roots()

2017-09-06 Thread David Sterba 
On Fri, Aug 25, 2017 at 08:49:11AM +0300, Nikolay Borisov wrote:
> 
> 
> On 25.08.2017 08:15, Naohiro Aota wrote:
> > __del_reloc_root should be called before freeing up reloc_root->node.
> > If not, calling __del_reloc_root() dereference reloc_root->node, causing
> > the system BUG.
> > 
> > Signed-off-by: Naohiro Aota 
> 
> This patch should also have:
> 
> Fixes: 6bdf131fac23 ("Btrfs: don't leak reloc root nodes on error")
> Cc:  # 4.9
> 
> With that:
> 
> Reviewed-by: Nikolay Borisov 

Reviewed-by: David Sterba 

I'll add the other tags, thanks.
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] btrfs: fix NULL pointer dereference from free_reloc_roots()

2017-08-24 Thread Nikolay Borisov 


On 25.08.2017 08:15, Naohiro Aota wrote:
> __del_reloc_root should be called before freeing up reloc_root->node.
> If not, calling __del_reloc_root() dereference reloc_root->node, causing
> the system BUG.
> 
> Signed-off-by: Naohiro Aota 

This patch should also have:

Fixes: 6bdf131fac23 ("Btrfs: don't leak reloc root nodes on error")
Cc:  # 4.9

With that:

Reviewed-by: Nikolay Borisov 

> ---
>  fs/btrfs/relocation.c |2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c
> index 65661d1aae4e..6445de8e9ece 100644
> --- a/fs/btrfs/relocation.c
> +++ b/fs/btrfs/relocation.c
> @@ -2393,11 +2393,11 @@ void free_reloc_roots(struct list_head *list)
>   while (!list_empty(list)) {
>   reloc_root = list_entry(list->next, struct btrfs_root,
>   root_list);
> + __del_reloc_root(reloc_root);
>   free_extent_buffer(reloc_root->node);
>   free_extent_buffer(reloc_root->commit_root);
>   reloc_root->node = NULL;
>   reloc_root->commit_root = NULL;
> - __del_reloc_root(reloc_root);
>   }
>  }
>  
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
> the body of a message to majord...@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH] btrfs: fix NULL pointer dereference from free_reloc_roots()

2017-08-24 Thread Naohiro Aota 
__del_reloc_root should be called before freeing up reloc_root->node.
If not, calling __del_reloc_root() dereference reloc_root->node, causing
the system BUG.

Signed-off-by: Naohiro Aota 
---
 fs/btrfs/relocation.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c
index 65661d1aae4e..6445de8e9ece 100644
--- a/fs/btrfs/relocation.c
+++ b/fs/btrfs/relocation.c
@@ -2393,11 +2393,11 @@ void free_reloc_roots(struct list_head *list)
while (!list_empty(list)) {
reloc_root = list_entry(list->next, struct btrfs_root,
root_list);
+   __del_reloc_root(reloc_root);
free_extent_buffer(reloc_root->node);
free_extent_buffer(reloc_root->commit_root);
reloc_root->node = NULL;
reloc_root->commit_root = NULL;
-   __del_reloc_root(reloc_root);
}
 }
 

--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html