From: Josef Bacik <josef@xxxxxxxxxxxxxx>
commit fb2d83eefef4e1c717205bac71cb1941edf8ae11 upstream.
If we fail to load an fs root, or fail to start a transaction we can
bail without unsetting the reloc control, which leads to problems later
when we free the reloc control but still have it attached to the file
system.
In the normal path we'll end up calling unset_reloc_control() twice, but
all it does is set fs_info->reloc_control = NULL, and we can only have
one balance at a time so it's not racey.
CC: stable@xxxxxxxxxxxxxxx # 5.4+
Reviewed-by: Qu Wenruo <wqu@xxxxxxxx>
Signed-off-by: Josef Bacik <josef@xxxxxxxxxxxxxx>
Reviewed-by: David Sterba <dsterba@xxxxxxxx>
Signed-off-by: David Sterba <dsterba@xxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
fs/btrfs/relocation.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
--- a/fs/btrfs/relocation.c
+++ b/fs/btrfs/relocation.c
@@ -4581,9 +4581,8 @@ int btrfs_recover_relocation(struct btrf
trans = btrfs_join_transaction(rc->extent_root);
if (IS_ERR(trans)) {
- unset_reloc_control(rc);
err = PTR_ERR(trans);
- goto out_free;
+ goto out_unset;
}
rc->merge_reloc_tree = 1;
@@ -4603,7 +4602,7 @@ int btrfs_recover_relocation(struct btrf
if (IS_ERR(fs_root)) {
err = PTR_ERR(fs_root);
list_add_tail(&reloc_root->root_list, &reloc_roots);
- goto out_free;
+ goto out_unset;
}
err = __add_reloc_root(reloc_root);
@@ -4613,7 +4612,7 @@ int btrfs_recover_relocation(struct btrf
err = btrfs_commit_transaction(trans);
if (err)
- goto out_free;
+ goto out_unset;
merge_reloc_roots(rc);
@@ -4629,7 +4628,8 @@ out_clean:
ret = clean_dirty_subvols(rc);
if (ret < 0 && !err)
err = ret;
-out_free:
+out_unset:
+ unset_reloc_control(rc);
kfree(rc);
out:
if (!list_empty(&reloc_roots))
