On 8/1/14, 10:11 AM, Eric Sandeen wrote: > xlog_recover_process_data() frees the transaction on > any error out of the oh_flags switch statement, but > in the XLOG_COMMIT_TRANS / xlog_recover_commit_trans() case, > the transaction has already been freed in > xlog_recover_commit_trans() before the error is returned. > > Avoid this by only freeing the transaction in > xlog_recover_commit_trans() if no error will be returned. > > (Coverity spotted this) Ok, I see that Mark already sent this (thanks Mark, sorry for not seeing / remembering) and he was scolded for not thinking hard enough about the problem. I guess I'm not thinking hard enough either... Sorry 'bout that. -Eric > Signed-off-by: Eric Sandeen <sandeen@xxxxxxxxxx> > --- > > diff --git a/fs/xfs/xfs_log_recover.c b/fs/xfs/xfs_log_recover.c > index 981af0f..e634ffd 100644 > --- a/fs/xfs/xfs_log_recover.c > +++ b/fs/xfs/xfs_log_recover.c > @@ -3514,9 +3514,11 @@ out: > if (!list_empty(&done_list)) > list_splice_init(&done_list, &trans->r_itemq); > > - xlog_recover_free_trans(trans); > - > error2 = xfs_buf_delwri_submit(&buffer_list); > + /* caller will free trans on error */ > + if (!error && !error2) > + xlog_recover_free_trans(trans); > + > return error ? error : error2; > } > > > _______________________________________________ > xfs mailing list > xfs@xxxxxxxxxxx > http://oss.sgi.com/mailman/listinfo/xfs > _______________________________________________ xfs mailing list xfs@xxxxxxxxxxx http://oss.sgi.com/mailman/listinfo/xfs
