diff options
author | Dan Robertson <dan@dlrobertson.com> | 2019-02-19 02:56:43 +0000 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2019-07-09 22:04:06 +0100 |
commit | 60aa8550618a9230b255d8436aa7f2c091373a0b (patch) | |
tree | aa695d508d65c9fb10f27dcbfcc4a99cf94caf2e | |
parent | 15b800d8f60d6f063d627de612f01794a29982ed (diff) | |
download | linux-stable-60aa8550618a9230b255d8436aa7f2c091373a0b.tar.gz linux-stable-60aa8550618a9230b255d8436aa7f2c091373a0b.tar.bz2 linux-stable-60aa8550618a9230b255d8436aa7f2c091373a0b.zip |
btrfs: init csum_list before possible free
commit e49be14b8d80e23bb7c53d78c21717a474ade76b upstream.
The scrub_ctx csum_list member must be initialized before scrub_free_ctx
is called. If the csum_list is not initialized beforehand, the
list_empty call in scrub_free_csums will result in a null deref if the
allocation fails in the for loop.
Fixes: a2de733c78fa ("btrfs: scrub")
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Dan Robertson <dan@dlrobertson.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
-rw-r--r-- | fs/btrfs/scrub.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c index 8dddedcfa961..70edd60db654 100644 --- a/fs/btrfs/scrub.c +++ b/fs/btrfs/scrub.c @@ -417,6 +417,7 @@ struct scrub_ctx *scrub_setup_ctx(struct btrfs_device *dev, int is_dev_replace) sctx->pages_per_rd_bio = pages_per_rd_bio; sctx->curr = -1; sctx->dev_root = dev->dev_root; + INIT_LIST_HEAD(&sctx->csum_list); for (i = 0; i < SCRUB_BIOS_PER_SCTX; ++i) { struct scrub_bio *sbio; @@ -444,7 +445,6 @@ struct scrub_ctx *scrub_setup_ctx(struct btrfs_device *dev, int is_dev_replace) atomic_set(&sctx->workers_pending, 0); atomic_set(&sctx->cancel_req, 0); sctx->csum_size = btrfs_super_csum_size(fs_info->super_copy); - INIT_LIST_HEAD(&sctx->csum_list); spin_lock_init(&sctx->list_lock); spin_lock_init(&sctx->stat_lock); |