diff options
author | Xiyu Yang <xiyuyang19@fudan.edu.cn> | 2020-04-20 13:39:39 +0800 |
---|---|---|
committer | David Sterba <dsterba@suse.com> | 2020-04-23 17:24:56 +0200 |
commit | 1402d17dfd9657be0da8458b2079d03c2d61c86a (patch) | |
tree | 6b7e86fd65a27538cdfac75edbb640c39bcb08eb /fs/btrfs/relocation.c | |
parent | f6033c5e333238f299c3ae03fac8cc1365b23b77 (diff) | |
download | lwn-1402d17dfd9657be0da8458b2079d03c2d61c86a.tar.gz lwn-1402d17dfd9657be0da8458b2079d03c2d61c86a.zip |
btrfs: fix transaction leak in btrfs_recover_relocation
btrfs_recover_relocation() invokes btrfs_join_transaction(), which joins
a btrfs_trans_handle object into transactions and returns a reference of
it with increased refcount to "trans".
When btrfs_recover_relocation() returns, "trans" becomes invalid, so the
refcount should be decreased to keep refcount balanced.
The reference counting issue happens in one exception handling path of
btrfs_recover_relocation(). When read_fs_root() failed, the refcnt
increased by btrfs_join_transaction() is not decreased, causing a refcnt
leak.
Fix this issue by calling btrfs_end_transaction() on this error path
when read_fs_root() failed.
Fixes: 79787eaab461 ("btrfs: replace many BUG_ONs with proper error handling")
CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Diffstat (limited to 'fs/btrfs/relocation.c')
-rw-r--r-- | fs/btrfs/relocation.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c index d35936c934ab..03bc7134e8cb 100644 --- a/fs/btrfs/relocation.c +++ b/fs/btrfs/relocation.c @@ -4559,6 +4559,7 @@ int btrfs_recover_relocation(struct btrfs_root *root) if (IS_ERR(fs_root)) { err = PTR_ERR(fs_root); list_add_tail(&reloc_root->root_list, &reloc_roots); + btrfs_end_transaction(trans); goto out_unset; } |