| From 011b28acf940eb61c000059dd9e2cfcbf52ed96b Mon Sep 17 00:00:00 2001 |
| From: Josef Bacik <josef@toxicpanda.com> |
| Date: Wed, 19 May 2021 13:13:15 -0400 |
| Subject: btrfs: fixup error handling in fixup_inode_link_counts |
| |
| From: Josef Bacik <josef@toxicpanda.com> |
| |
| commit 011b28acf940eb61c000059dd9e2cfcbf52ed96b upstream. |
| |
| This function has the following pattern |
| |
| while (1) { |
| ret = whatever(); |
| if (ret) |
| goto out; |
| } |
| ret = 0 |
| out: |
| return ret; |
| |
| However several places in this while loop we simply break; when there's |
| a problem, thus clearing the return value, and in one case we do a |
| return -EIO, and leak the memory for the path. |
| |
| Fix this by re-arranging the loop to deal with ret == 1 coming from |
| btrfs_search_slot, and then simply delete the |
| |
| ret = 0; |
| out: |
| |
| bit so everybody can break if there is an error, which will allow for |
| proper error handling to occur. |
| |
| CC: stable@vger.kernel.org # 4.4+ |
| Signed-off-by: Josef Bacik <josef@toxicpanda.com> |
| Reviewed-by: David Sterba <dsterba@suse.com> |
| Signed-off-by: David Sterba <dsterba@suse.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| fs/btrfs/tree-log.c | 13 +++++++------ |
| 1 file changed, 7 insertions(+), 6 deletions(-) |
| |
| --- a/fs/btrfs/tree-log.c |
| +++ b/fs/btrfs/tree-log.c |
| @@ -1752,6 +1752,7 @@ static noinline int fixup_inode_link_cou |
| break; |
| |
| if (ret == 1) { |
| + ret = 0; |
| if (path->slots[0] == 0) |
| break; |
| path->slots[0]--; |
| @@ -1764,17 +1765,19 @@ static noinline int fixup_inode_link_cou |
| |
| ret = btrfs_del_item(trans, root, path); |
| if (ret) |
| - goto out; |
| + break; |
| |
| btrfs_release_path(path); |
| inode = read_one_inode(root, key.offset); |
| - if (!inode) |
| - return -EIO; |
| + if (!inode) { |
| + ret = -EIO; |
| + break; |
| + } |
| |
| ret = fixup_inode_link_count(trans, root, inode); |
| iput(inode); |
| if (ret) |
| - goto out; |
| + break; |
| |
| /* |
| * fixup on a directory may create new entries, |
| @@ -1783,8 +1786,6 @@ static noinline int fixup_inode_link_cou |
| */ |
| key.offset = (u64)-1; |
| } |
| - ret = 0; |
| -out: |
| btrfs_release_path(path); |
| return ret; |
| } |