OpenCloudOS-Kernel/fs/btrfs
Pan Bian 42a657f576 btrfs: relocation: set trans to be NULL after ending transaction
The function relocate_block_group calls btrfs_end_transaction to release
trans when update_backref_cache returns 1, and then continues the loop
body. If btrfs_block_rsv_refill fails this time, it will jump out the
loop and the freed trans will be accessed. This may result in a
use-after-free bug. The patch assigns NULL to trans after trans is
released so that it will not be accessed.

Fixes: 0647bf564f ("Btrfs: improve forever loop when doing balance relocation")
CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Pan Bian <bianpan2016@163.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2018-11-23 13:47:46 +01:00
..
tests btrfs: tests: add separate stub for find_lock_delalloc_range 2018-10-15 17:23:34 +02:00
Kconfig btrfs: add SPDX header to Kconfig 2018-04-12 16:29:55 +02:00
Makefile btrfs: Remove custom crc32c init code 2018-03-26 15:09:39 +02:00
acl.c btrfs: remove unnecessary curly braces in btrfs_get_acl 2018-08-06 13:12:41 +02:00
async-thread.c btrfs: replace GPL boilerplate by SPDX -- sources 2018-04-12 16:29:51 +02:00
async-thread.h btrfs: replace GPL boilerplate by SPDX -- headers 2018-04-12 16:29:46 +02:00
backref.c Btrfs: preftree: use rb_first_cached 2018-10-15 17:23:33 +02:00
backref.h btrfs: replace GPL boilerplate by SPDX -- headers 2018-04-12 16:29:46 +02:00
btrfs_inode.h btrfs: Remove 'objectid' member from struct btrfs_root 2018-10-15 17:23:25 +02:00
check-integrity.c Btrfs: use args in the correct order for kcalloc in btrfsic_read_block 2018-10-15 17:23:30 +02:00
check-integrity.h btrfs: replace GPL boilerplate by SPDX -- headers 2018-04-12 16:29:46 +02:00
compression.c btrfs: remove unused pointer 'tree' in btrfs_submit_compressed_read 2018-10-15 17:23:28 +02:00
compression.h btrfs: compression: Add linux/sizes.h for compression.h 2018-05-29 18:13:00 +02:00
ctree.c Btrfs: fix deadlock when writing out free space caches 2018-10-17 17:46:24 +02:00
ctree.h Btrfs: fix deadlock on tree root leaf when finding free extent 2018-11-06 16:42:32 +01:00
dedupe.h btrfs: replace GPL boilerplate by SPDX -- headers 2018-04-12 16:29:46 +02:00
delayed-inode.c Btrfs: kill btrfs_clear_path_blocking 2018-10-15 17:23:38 +02:00
delayed-inode.h Btrfs: delayed-inode: use rb_first_cached for ins_root and del_root 2018-10-15 17:23:33 +02:00
delayed-ref.c btrfs: delayed-ref: extract find_first_ref_head from find_ref_head 2018-10-17 19:21:00 +02:00
delayed-ref.h btrfs: delayed-ref: pass delayed_refs directly to btrfs_delayed_ref_lock 2018-10-15 17:23:41 +02:00
dev-replace.c btrfs: dev-replace: remove pointless assert in write unlock 2018-10-15 17:23:38 +02:00
dev-replace.h btrfs: open code btrfs_after_dev_replace_commit 2018-10-15 17:23:37 +02:00
dir-item.c btrfs: Remove root parameter from btrfs_insert_dir_item 2018-10-15 17:23:25 +02:00
disk-io.c btrfs: Always try all copies when reading extent buffers 2018-11-13 01:55:52 +01:00
disk-io.h btrfs: unify end_io callbacks of async_submit_bio 2018-08-06 13:12:55 +02:00
export.c btrfs: Remove 'objectid' member from struct btrfs_root 2018-10-15 17:23:25 +02:00
export.h btrfs: replace GPL boilerplate by SPDX -- headers 2018-04-12 16:29:46 +02:00
extent-tree.c btrfs: fix insert_reserved error handling 2018-10-19 12:20:03 +02:00
extent_io.c btrfs: tests: add separate stub for find_lock_delalloc_range 2018-10-15 17:23:34 +02:00
extent_io.h btrfs: tests: add separate stub for find_lock_delalloc_range 2018-10-15 17:23:34 +02:00
extent_map.c Btrfs: extent_map: use rb_first_cached 2018-10-15 17:23:33 +02:00
extent_map.h Btrfs: extent_map: use rb_first_cached 2018-10-15 17:23:33 +02:00
file-item.c btrfs: simplify pointer chasing of local fs_info variables 2018-08-06 13:12:43 +02:00
file.c Btrfs: fix rare chances for data loss when doing a fast fsync 2018-11-13 13:49:43 +01:00
free-space-cache.c Btrfs: fix deadlock on tree root leaf when finding free extent 2018-11-06 16:42:32 +01:00
free-space-cache.h btrfs: replace GPL boilerplate by SPDX -- headers 2018-04-12 16:29:46 +02:00
free-space-tree.c btrfs: Remove fs_info from btrfs_del_root 2018-08-06 13:13:00 +02:00
free-space-tree.h btrfs: Remove fs_info argument from add_to_free_space_tree 2018-05-28 18:07:36 +02:00
inode-item.c btrfs: replace GPL boilerplate by SPDX -- sources 2018-04-12 16:29:51 +02:00
inode-map.c btrfs: prune unused includes 2018-08-06 13:12:43 +02:00
inode-map.h btrfs: replace GPL boilerplate by SPDX -- headers 2018-04-12 16:29:46 +02:00
inode.c Btrfs: fix deadlock on tree root leaf when finding free extent 2018-11-06 16:42:32 +01:00
ioctl.c Btrfs: fix data corruption due to cloning of eof block 2018-11-06 16:42:41 +01:00
locking.c btrfs: replace waitqueue_actvie with cond_wake_up 2018-05-28 18:23:09 +02:00
locking.h btrfs: replace GPL boilerplate by SPDX -- headers 2018-04-12 16:29:46 +02:00
lzo.c btrfs: lzo: Harden inline lzo compressed extent decompression 2018-05-30 16:46:43 +02:00
math.h btrfs: replace GPL boilerplate by SPDX -- headers 2018-04-12 16:29:46 +02:00
ordered-data.c btrfs: prune unused includes 2018-08-06 13:12:43 +02:00
ordered-data.h btrfs: remove remaing full_sync logic from btrfs_sync_file 2018-08-06 13:12:31 +02:00
orphan.c btrfs: replace GPL boilerplate by SPDX -- sources 2018-04-12 16:29:51 +02:00
print-tree.c btrfs: annotate unlikely branches after V0 extent type removal 2018-08-06 13:12:41 +02:00
print-tree.h btrfs: print-tree: debugging output enhancement 2018-04-20 19:18:16 +02:00
props.c btrfs: property: Set incompat flag if lzo/zstd compression is set 2018-05-17 14:18:25 +02:00
props.h btrfs: replace GPL boilerplate by SPDX -- headers 2018-04-12 16:29:46 +02:00
qgroup.c Btrfs: fix race between enabling quotas and subvolume creation 2018-11-22 18:59:59 +01:00
qgroup.h btrfs: qgroup: Avoid calling qgroup functions if qgroup is not enabled 2018-10-15 17:23:40 +02:00
raid56.c btrfs: raid56: catch errors from full_stripe_write 2018-08-06 13:12:45 +02:00
raid56.h btrfs: replace GPL boilerplate by SPDX -- headers 2018-04-12 16:29:46 +02:00
rcu-string.h btrfs: replace GPL boilerplate by SPDX -- headers 2018-04-12 16:29:46 +02:00
reada.c btrfs: prune unused includes 2018-08-06 13:12:43 +02:00
ref-verify.c btrfs: Remove 'objectid' member from struct btrfs_root 2018-10-15 17:23:25 +02:00
ref-verify.h btrfs: replace GPL boilerplate by SPDX -- headers 2018-04-12 16:29:46 +02:00
relocation.c btrfs: relocation: set trans to be NULL after ending transaction 2018-11-23 13:47:46 +01:00
root-tree.c btrfs: Remove fs_info from btrfs_add_root_ref 2018-08-06 13:13:00 +02:00
scrub.c btrfs: open code btrfs_dev_replace_stats_inc 2018-10-15 17:23:37 +02:00
send.c Btrfs: send, fix infinite loop due to directory rename dependencies 2018-11-21 17:03:50 +01:00
send.h btrfs: replace GPL boilerplate by SPDX -- headers 2018-04-12 16:29:46 +02:00
struct-funcs.c btrfs: prune unused includes 2018-08-06 13:12:43 +02:00
super.c Btrfs: ensure path name is null terminated at btrfs_control_ioctl 2018-11-14 18:26:20 +01:00
sysfs.c btrfs: prune unused includes 2018-08-06 13:12:43 +02:00
sysfs.h btrfs: sysfs: Use enum/define value for feature array definitions 2018-05-28 18:23:39 +02:00
transaction.c btrfs: don't run delayed_iputs in commit 2018-10-19 12:20:03 +02:00
transaction.h btrfs: replace get_seconds with new 64bit time API 2018-08-06 13:12:29 +02:00
tree-checker.c btrfs: tree-checker: Fix misleading group system information 2018-11-06 16:41:53 +01:00
tree-checker.h btrfs: replace GPL boilerplate by SPDX -- headers 2018-04-12 16:29:46 +02:00
tree-defrag.c btrfs: replace GPL boilerplate by SPDX -- sources 2018-04-12 16:29:51 +02:00
tree-log.c Btrfs: fix missing data checksums after a ranged fsync (msync) 2018-11-06 16:41:40 +01:00
tree-log.h btrfs: change btrfs_pin_log_trans to return void 2018-10-15 17:23:27 +02:00
ulist.c btrfs: replace GPL boilerplate by SPDX -- sources 2018-04-12 16:29:51 +02:00
ulist.h btrfs: replace GPL boilerplate by SPDX -- headers 2018-04-12 16:29:46 +02:00
uuid-tree.c btrfs: Remove fs_info argument from btrfs_uuid_tree_rem 2018-05-30 16:46:53 +02:00
volumes.c btrfs: open code btrfs_dev_replace_clear_lock_blocking 2018-10-15 17:23:37 +02:00
volumes.h btrfs: Make btrfs_find_device_by_devspec return btrfs_device directly 2018-10-15 17:23:30 +02:00
xattr.c btrfs: replace GPL boilerplate by SPDX -- sources 2018-04-12 16:29:51 +02:00
xattr.h btrfs: replace GPL boilerplate by SPDX -- headers 2018-04-12 16:29:46 +02:00
zlib.c btrfs: replace GPL boilerplate by SPDX -- sources 2018-04-12 16:29:51 +02:00
zstd.c btrfs: replace GPL boilerplate by SPDX -- sources 2018-04-12 16:29:51 +02:00