diff options
| author | Zhao Lei <zhaolei@cn.fujitsu.com> | 2016-05-17 17:37:38 +0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2016-06-07 18:18:55 -0700 |
| commit | f8f2b9dd9ccb165fa472855ef98e624e3173f8dd (patch) | |
| tree | 3152991fcc4357e324bb12b9b24b0b3e5410f780 /fs | |
| parent | 327b1cf89e87607cf1d999a27481245b2610149c (diff) | |
btrfs: scrub: Set bbio to NULL before calling btrfs_map_block
commit f1fee6534dcfbf468a159789aa202db2bce8c200 upstream.
We usually call btrfs_put_bbio() when btrfs_map_block() failed,
btrfs_put_bbio() works right whether bbio is a valid value, or NULL.
But there is a exception, in some case, btrfs_map_block() will return
fail without touching *bbio(keeping its original value), and if bbio
was not initialized yet, invalid memory accessing will happened.
Above case is in scrub_missing_raid56_pages(), and similar case in
scrub_raid56_parity().
Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/btrfs/scrub.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c index ee046f6fffe0..2b7986e9df03 100644 --- a/fs/btrfs/scrub.c +++ b/fs/btrfs/scrub.c @@ -2179,7 +2179,7 @@ static void scrub_missing_raid56_pages(struct scrub_block *sblock) struct btrfs_fs_info *fs_info = sctx->dev_root->fs_info; u64 length = sblock->page_count * PAGE_SIZE; u64 logical = sblock->pagev[0]->logical; - struct btrfs_bio *bbio; + struct btrfs_bio *bbio = NULL; struct bio *bio; struct btrfs_raid_bio *rbio; int ret; @@ -2980,6 +2980,7 @@ again: extent_len); mapped_length = extent_len; + bbio = NULL; ret = btrfs_map_block(fs_info, READ, extent_logical, &mapped_length, &bbio, 0); if (!ret) { |