btrfs: scrub: Set bbio to NULL before calling btrfs_map_block
We usually call btrfs_put_bbio() when btrfs_map_block() fails, and btrfs_put_bbio() works correctly whether bbio is a valid pointer or NULL. But there is an exception: in some cases btrfs_map_block() returns failure without touching *bbio (keeping its original value), and if bbio was not yet initialized, an invalid memory access will happen. This case occurs in scrub_missing_raid56_pages(), and a similar case occurs in scrub_raid56_parity(). Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com> Signed-off-by: David Sterba <dsterba@suse.com>
parent
2d324f59f3
commit
f1fee6534d
|
@ -2181,7 +2181,7 @@ static void scrub_missing_raid56_pages(struct scrub_block *sblock)
|
||||||
struct btrfs_fs_info *fs_info = sctx->dev_root->fs_info;
|
struct btrfs_fs_info *fs_info = sctx->dev_root->fs_info;
|
||||||
u64 length = sblock->page_count * PAGE_SIZE;
|
u64 length = sblock->page_count * PAGE_SIZE;
|
||||||
u64 logical = sblock->pagev[0]->logical;
|
u64 logical = sblock->pagev[0]->logical;
|
||||||
struct btrfs_bio *bbio;
|
struct btrfs_bio *bbio = NULL;
|
||||||
struct bio *bio;
|
struct bio *bio;
|
||||||
struct btrfs_raid_bio *rbio;
|
struct btrfs_raid_bio *rbio;
|
||||||
int ret;
|
int ret;
|
||||||
|
@ -2982,6 +2982,7 @@ again:
|
||||||
extent_len);
|
extent_len);
|
||||||
|
|
||||||
mapped_length = extent_len;
|
mapped_length = extent_len;
|
||||||
|
bbio = NULL;
|
||||||
ret = btrfs_map_block(fs_info, READ, extent_logical,
|
ret = btrfs_map_block(fs_info, READ, extent_logical,
|
||||||
&mapped_length, &bbio, 0);
|
&mapped_length, &bbio, 0);
|
||||||
if (!ret) {
|
if (!ret) {
|
||||||
|
|
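Review bot: The `bbio = NULL;` reset before btrfs_map_block() in the second hunk, like the `= NULL` initializer in the first, fixes the problem at two call sites and leaves the callee's contract unchanged. According to the commit message, btrfs_map_block() can fail without writing *bbio, so any other caller that passes an uninitialized pointer and then calls btrfs_put_bbio() on its error path would presumably still hand a stale stack value to the release routine. btrfs_map_block() is not visible on this page, so this is inferred; if it holds, clearing the out-pointer at the top of btrfs_map_block() would protect every caller at once. At minimum the reset deserves a why-comment so it is not later removed as redundant, for example `/* btrfs_map_block() may fail without touching bbio; keep it NULL so btrfs_put_bbio() is safe */`. Both enclosing functions start and end outside the hunks shown.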