From: Liu Bo Date: Thu, 11 Jun 2015 06:16:44 +0000 (+0800) Subject: Btrfs: fix use-after-free in btrfs_replay_log X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=0eeff2362b829b5e80f8b69f86b60b8094bc742d;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git Btrfs: fix use-after-free in btrfs_replay_log @log_root_tree should not be referenced after kfree. Signed-off-by: Liu Bo Reviewed-by: David Sterba Reported-by: Julia Lawall Signed-off-by: Chris Mason --- diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c index 695363ae1c28..b7fa3bac2cff 100644 --- a/fs/btrfs/disk-io.c +++ b/fs/btrfs/disk-io.c @@ -2321,8 +2321,9 @@ static int btrfs_replay_log(struct btrfs_fs_info *fs_info, fs_info->generation + 1); if (IS_ERR(log_tree_root->node)) { printk(KERN_ERR "BTRFS: failed to read log tree\n"); + ret = PTR_ERR(log_tree_root->node); kfree(log_tree_root); - return PTR_ERR(log_tree_root->node); + return ret; } else if (!extent_buffer_uptodate(log_tree_root->node)) { printk(KERN_ERR "BTRFS: failed to read log tree\n"); free_extent_buffer(log_tree_root->node);