Btrfs: fix use-after-free in btrfs_replay_log
authorLiu Bo <bo.li.liu@oracle.com>
Thu, 11 Jun 2015 06:16:44 +0000 (14:16 +0800)
committerChris Mason <clm@fb.com>
Fri, 12 Jun 2015 18:03:21 +0000 (11:03 -0700)
@log_root_tree should not be referenced after kfree.

Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.cz>
Reported-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Chris Mason <clm@fb.com>
fs/btrfs/disk-io.c

index 695363ae1c2875d0e25991a724f549e951fef5f4..b7fa3bac2cff979935a6309e9d1eea6fb69bba64 100644 (file)
@@ -2321,8 +2321,9 @@ static int btrfs_replay_log(struct btrfs_fs_info *fs_info,
                        fs_info->generation + 1);
        if (IS_ERR(log_tree_root->node)) {
                printk(KERN_ERR "BTRFS: failed to read log tree\n");
+               ret = PTR_ERR(log_tree_root->node);
                kfree(log_tree_root);
-               return PTR_ERR(log_tree_root->node);
+               return ret;
        } else if (!extent_buffer_uptodate(log_tree_root->node)) {
                printk(KERN_ERR "BTRFS: failed to read log tree\n");
                free_extent_buffer(log_tree_root->node);