From: Josef Bacik josef@toxicpanda.com
commit 011b28acf940eb61c000059dd9e2cfcbf52ed96b upstream.
This function has the following pattern
while (1) { ret = whatever(); if (ret) goto out; } ret = 0 out: return ret;
However several places in this while loop we simply break; when there's a problem, thus clearing the return value, and in one case we do a return -EIO, and leak the memory for the path.
Fix this by re-arranging the loop to deal with ret == 1 coming from btrfs_search_slot, and then simply delete the
ret = 0; out:
bit so everybody can break if there is an error, which will allow for proper error handling to occur.
CC: stable@vger.kernel.org # 4.4+ Signed-off-by: Josef Bacik josef@toxicpanda.com Reviewed-by: David Sterba dsterba@suse.com Signed-off-by: David Sterba dsterba@suse.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- fs/btrfs/tree-log.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-)
--- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -1791,6 +1791,7 @@ static noinline int fixup_inode_link_cou break;
if (ret == 1) { + ret = 0; if (path->slots[0] == 0) break; path->slots[0]--; @@ -1803,17 +1804,19 @@ static noinline int fixup_inode_link_cou
ret = btrfs_del_item(trans, root, path); if (ret) - goto out; + break;
btrfs_release_path(path); inode = read_one_inode(root, key.offset); - if (!inode) - return -EIO; + if (!inode) { + ret = -EIO; + break; + }
ret = fixup_inode_link_count(trans, root, inode); iput(inode); if (ret) - goto out; + break;
/* * fixup on a directory may create new entries, @@ -1822,8 +1825,6 @@ static noinline int fixup_inode_link_cou */ key.offset = (u64)-1; } - ret = 0; -out: btrfs_release_path(path); return ret; }