Wang Shilong
2013-Aug-09 08:55 UTC
[PATCH V3 1/2] Btrfs: fix possible memory leak in find_parent_nodes()
The original code dealt with 'ref' in the following steps:
|->list_del(&ref->list)
|->some operations
|-->goto cleanup if failed
|->kfree(ref)
cleanup:
|->cleanup all 'ref's in the list
If operations failed, it would goto label 'cleanup' without
freeing this 'ref'. The cleanup code would also not free it,
because it has been removed from the list.
We fix the problem by calling list_del() after operations, so
it is still in the list even if operations fail, and then the
cleanup code can get and free it.
Signed-off-by: Wang Shilong <wangsl.fnst@cn.fujitsu.com>
Reviewed-by: Miao Xie <miaox@cn.fujitsu.com>
---
V2->V3: make changelog more clear.
V1->V2: add explanations to changelog
---
fs/btrfs/backref.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c
index 68048d6..7b55c95 100644
--- a/fs/btrfs/backref.c
+++ b/fs/btrfs/backref.c
@@ -911,7 +911,6 @@ again:
while (!list_empty(&prefs)) {
ref = list_first_entry(&prefs, struct __prelim_ref, list);
- list_del(&ref->list);
WARN_ON(ref->count < 0);
if (ref->count && ref->root_id && ref->parent == 0)
{
/* no parent == root of tree */
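Review bot: With list_del() gone from the top of the loop, ref stays linked on prefs for the whole body, while the loop still picks entries with list_first_entry() and terminates on list_empty(&prefs). Any path in the body that reaches the next iteration without passing the relocated list_del() would fetch the same ref again and never terminate. Please confirm that the body between the two hunks has no continue and does not walk prefs itself, and consider a one-line comment at list_first_entry() saying the entry is deliberately left on the list until it is about to be freed.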
@@ -956,6 +955,7 @@ again:
eie->next = ref->inode_list;
}
}
+ list_del(&ref->list);
kfree(ref);
}
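Review bot: The list_del() placed directly before kfree(ref) only fixes the leak if the error label the body jumps to actually walks prefs and frees each entry, and that code is not part of this diff; the changelog should name that label and loop so the dependency can be checked. The line above, eie->next = ref->inode_list, also shows ref carrying an inode list, so it is worth stating whether the cleanup path is expected to release that list for a ref that is now still linked when an operation fails.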
--
1.8.0.1
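The ordering problem the changelog describes, as an added userspace C example that is not part of the patch or of Btrfs. `struct pref`, `drain()` and the list helpers are hypothetical stand-ins, a `freed` flag models kfree(), and the four entries are constructed sample data.

```c
#include <stdio.h>

struct node { struct node *prev, *next; };
struct pref { struct node list; int fails, freed; };  /* stand-in for __prelim_ref */

static void node_del(struct node *n) { n->prev->next = n->next; n->next->prev = n->prev; }
static void node_add_tail(struct node *n, struct node *h)
{ n->prev = h->prev; n->next = h; h->prev->next = n; h->prev = n; }

#define NREFS 4
/* Drain the list; entry fail_at makes "some operations" fail (-1: none).
 * Returns how many entries were never freed. */
int drain(int fail_at, int unlink_first)
{
    struct pref pool[NREFS];   /* constructed sample entries */
    struct node prefs = { &prefs, &prefs };
    int leaked = 0;

    for (int i = 0; i < NREFS; i++) {
        pool[i].fails = (i == fail_at);
        pool[i].freed = 0;
        node_add_tail(&pool[i].list, &prefs);
    }
    while (prefs.next != &prefs) {
        struct pref *ref = (struct pref *)prefs.next;  /* list is the first member */
        if (unlink_first)
            node_del(&ref->list);      /* pre-patch ordering */
        if (ref->fails)
            goto cleanup;              /* "some operations" failed */
        if (!unlink_first)
            node_del(&ref->list);      /* patched ordering */
        ref->freed = 1;                /* models kfree(ref) */
    }
cleanup:
    while (prefs.next != &prefs) {     /* frees only entries still linked */
        struct pref *ref = (struct pref *)prefs.next;
        node_del(&ref->list);
        ref->freed = 1;
    }
    for (int i = 0; i < NREFS; i++)
        leaked += !pool[i].freed;
    return leaked;
}

int main(void)
{
    printf("list_del before operations: %d leaked\n", drain(1, 1));
    printf("list_del after operations:  %d leaked\n", drain(1, 0));
    return 0;
}
```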