diff options
author | Chris Mason <clm@fb.com> | 2015-04-06 18:17:00 -0700 |
---|---|---|
committer | Chris Mason <clm@fb.com> | 2015-04-10 14:07:29 -0700 |
commit | cdfb080e1853660952db5e5332727e59427856df (patch) | |
tree | 43c59bd16f29e6e8fb9ff045ce20a16a4275c715 /fs/btrfs/extent-tree.c | |
parent | 1bbc621ef28462456131c035eaeb5567a1a2a2fe (diff) | |
download | op-kernel-dev-cdfb080e1853660952db5e5332727e59427856df.zip op-kernel-dev-cdfb080e1853660952db5e5332727e59427856df.tar.gz |
Btrfs: fix use after free when close_ctree frees the orphan_rsv
Near the end of close_ctree, we're calling btrfs_free_block_rsv
to free up the orphan rsv. The problem is this call updates the
space_info, which has already been freed.
This adds a new __ function that directly calls kfree instead of trying
to update the space infos.
Signed-off-by: Chris Mason <clm@fb.com>
Diffstat (limited to 'fs/btrfs/extent-tree.c')
-rw-r--r-- | fs/btrfs/extent-tree.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index 02c2b29..875ba51 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -4918,6 +4918,11 @@ void btrfs_free_block_rsv(struct btrfs_root *root, kfree(rsv); } +void __btrfs_free_block_rsv(struct btrfs_block_rsv *rsv) +{ + kfree(rsv); +} + int btrfs_block_rsv_add(struct btrfs_root *root, struct btrfs_block_rsv *block_rsv, u64 num_bytes, enum btrfs_reserve_flush_enum flush) |