From: Eric Sandeen <sandeen@redhat.com>
To: Wang Shilong <wangshilong1991@gmail.com>, linux-btrfs@vger.kernel.org
Cc: Chris Murphy <lists@colorremedies.com>
Subject: Re: [PATCH] Btrfs-progs: super-recover: fix double free fs_devices memory
Date: Mon, 22 Sep 2014 15:39:35 -0500 [thread overview]
Message-ID: <54208907.1030001@redhat.com> (raw)
In-Reply-To: <1411030872-2235-1-git-send-email-wangshilong1991@gmail.com>
On 9/18/14 4:01 AM, Wang Shilong wrote:
> super-recover collects btrfs devices infomation using existed
> functions scan_one_devices().
>
> Problem is fs_devices is freed twice in close_ctree() and
> free_recover_superblock() for super correction path.
>
> Fix this problem by checking whether fs_devices memory
> have been freed before we free it.
>
> Cc: Eric Sandeen <sandeen@redhat.com>
> Cc: Chris Murphy <lists@colorremedies.com>
> Signed-off-by: Wang Shilong <wangshilong1991@gmail.com>
That does seem to fix the testcase. Thanks!
Acked-by: Eric Sandeen <sandeen@redhat.com>
> ---
> super-recover.c | 13 +++----------
> 1 file changed, 3 insertions(+), 10 deletions(-)
>
> diff --git a/super-recover.c b/super-recover.c
> index 767de4b..419b86a 100644
> --- a/super-recover.c
> +++ b/super-recover.c
> @@ -69,21 +69,11 @@ void init_recover_superblock(struct btrfs_recover_superblock *recover)
> static
> void free_recover_superblock(struct btrfs_recover_superblock *recover)
> {
> - struct btrfs_device *device;
> struct super_block_record *record;
>
> if (!recover->fs_devices)
> return;
>
> - while (!list_empty(&recover->fs_devices->devices)) {
> - device = list_entry(recover->fs_devices->devices.next,
> - struct btrfs_device, dev_list);
> - list_del_init(&device->dev_list);
> - free(device->name);
> - free(device);
> - }
> - free(recover->fs_devices);
> -
> while (!list_empty(&recover->good_supers)) {
> record = list_entry(recover->good_supers.next,
> struct super_block_record, list);
> @@ -341,6 +331,9 @@ int btrfs_recover_superblocks(const char *dname,
> no_recover:
> recover_err_str(ret);
> free_recover_superblock(&recover);
> + /* check if we have freed fs_deivces in close_ctree() */
> + if (!root)
> + btrfs_close_devices(recover.fs_devices);
> return ret;
> }
>
>
next prev parent reply other threads:[~2014-09-22 20:39 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-17 17:00 "btrfs rescue super-recover" memory corruption Eric Sandeen
2014-09-17 17:01 ` Eric Sandeen
2014-09-18 7:28 ` Wang Shilong
2014-09-18 9:01 ` [PATCH] Btrfs-progs: super-recover: fix double free fs_devices memory Wang Shilong
2014-09-18 9:23 ` Gui Hecheng
2014-09-22 20:39 ` Eric Sandeen [this message]
-- strict thread matches above, loose matches on Subject: below --
2018-10-12 8:25 [PATCH] btrfs-progs: " robbieko
2018-10-24 18:44 ` David Sterba
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54208907.1030001@redhat.com \
--to=sandeen@redhat.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=lists@colorremedies.com \
--cc=wangshilong1991@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).