btrfs: Fix kfree of member instead of structure
authorJeff Mahoney <jeffm@suse.com>
Tue, 4 Oct 2011 03:23:23 +0000 (23:23 -0400)
committerDavid Sterba <dsterba@suse.cz>
Thu, 22 Mar 2012 00:45:30 +0000 (01:45 +0100)
Correctness fix: The kfree calls in the add_delayed_* functions free
the node that's passed into them, but the node is a member of another
structure. It works because it's always the first member of the
containing structure, but it should really be using the containing
structure itself.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
fs/btrfs/delayed-ref.c

index 66e4f29505a33dbecd45b5d6a80e878c87818bc0..29ecd543d80720e50c7436745e9fc44d69206ef7 100644 (file)
@@ -487,7 +487,7 @@ static noinline int add_delayed_ref_head(struct btrfs_fs_info *fs_info,
                 * we've updated the existing ref, free the newly
                 * allocated ref
                 */
-               kfree(ref);
+               kfree(head_ref);
        } else {
                delayed_refs->num_heads++;
                delayed_refs->num_heads_ready++;
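Review bot: The comment above `kfree(head_ref)` still reads only "free the newly allocated ref", so nothing at the call site records that kfree must be given the start of the allocation (the containing structure) rather than the embedded node. A later edit could reintroduce `kfree(ref)`, and it would stay correct only while the node remains the first member. I would reword the comment to `/* existing ref was updated: free the containing head_ref that was allocated, never the embedded node */`, and do the same above the two `kfree(full_ref)` calls in add_delayed_tree_ref and add_delayed_data_ref. Going by the commit message the object is passed in by the caller, so this branch appears to leave the caller holding a pointer to freed memory, which is worth stating in each function's header comment. add_delayed_ref_head's body starts and ends outside the hunk, so how head_ref is derived from ref is not visible here.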
@@ -549,7 +549,7 @@ static noinline int add_delayed_tree_ref(struct btrfs_fs_info *fs_info,
                 * we've updated the existing ref, free the newly
                 * allocated ref
                 */
-               kfree(ref);
+               kfree(full_ref);
        } else {
                delayed_refs->num_entries++;
                trans->delayed_ref_updates++;
@@ -611,7 +611,7 @@ static noinline int add_delayed_data_ref(struct btrfs_fs_info *fs_info,
                 * we've updated the existing ref, free the newly
                 * allocated ref
                 */
-               kfree(ref);
+               kfree(full_ref);
        } else {
                delayed_refs->num_entries++;
                trans->delayed_ref_updates++;