* [PATCH] xfs: avoid double free on xlog_recover_commit_trans error
@ 2014-08-01 15:11 Eric Sandeen
2014-08-02 16:37 ` Eric Sandeen
0 siblings, 1 reply; 2+ messages in thread
From: Eric Sandeen @ 2014-08-01 15:11 UTC (permalink / raw)
To: xfs-oss
xlog_recover_process_data() frees the transaction on
any error out of the oh_flags switch statement, but
in the XLOG_COMMIT_TRANS / xlog_recover_commit_trans() case,
the transaction has already been freed in
xlog_recover_commit_trans() before the error is returned.
Avoid this by only freeing the transaction in
xlog_recover_commit_trans() if no error will be returned.
(Coverity spotted this)
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
---
diff --git a/fs/xfs/xfs_log_recover.c b/fs/xfs/xfs_log_recover.c
index 981af0f..e634ffd 100644
--- a/fs/xfs/xfs_log_recover.c
+++ b/fs/xfs/xfs_log_recover.c
@@ -3514,9 +3514,11 @@ out:
if (!list_empty(&done_list))
list_splice_init(&done_list, &trans->r_itemq);
- xlog_recover_free_trans(trans);
-
error2 = xfs_buf_delwri_submit(&buffer_list);
+ /* caller will free trans on error */
+ if (!error && !error2)
+ xlog_recover_free_trans(trans);
+
return error ? error : error2;
}
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] xfs: avoid double free on xlog_recover_commit_trans error
2014-08-01 15:11 [PATCH] xfs: avoid double free on xlog_recover_commit_trans error Eric Sandeen
@ 2014-08-02 16:37 ` Eric Sandeen
0 siblings, 0 replies; 2+ messages in thread
From: Eric Sandeen @ 2014-08-02 16:37 UTC (permalink / raw)
To: Eric Sandeen, xfs-oss
On 8/1/14, 10:11 AM, Eric Sandeen wrote:
> xlog_recover_process_data() frees the transaction on
> any error out of the oh_flags switch statement, but
> in the XLOG_COMMIT_TRANS / xlog_recover_commit_trans() case,
> the transaction has already been freed in
> xlog_recover_commit_trans() before the error is returned.
>
> Avoid this by only freeing the transaction in
> xlog_recover_commit_trans() if no error will be returned.
>
> (Coverity spotted this)
Ok, I see that Mark already sent this (thanks Mark, sorry for not
seeing / remembering) and he was scolded for not thinking hard enough
about the problem. I guess I'm not thinking hard enough either...
Sorry 'bout that.
-Eric
> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
> ---
>
> diff --git a/fs/xfs/xfs_log_recover.c b/fs/xfs/xfs_log_recover.c
> index 981af0f..e634ffd 100644
> --- a/fs/xfs/xfs_log_recover.c
> +++ b/fs/xfs/xfs_log_recover.c
> @@ -3514,9 +3514,11 @@ out:
> if (!list_empty(&done_list))
> list_splice_init(&done_list, &trans->r_itemq);
>
> - xlog_recover_free_trans(trans);
> -
> error2 = xfs_buf_delwri_submit(&buffer_list);
> + /* caller will free trans on error */
> + if (!error && !error2)
> + xlog_recover_free_trans(trans);
> +
> return error ? error : error2;
> }
>
>
> _______________________________________________
> xfs mailing list
> xfs@oss.sgi.com
> http://oss.sgi.com/mailman/listinfo/xfs
>
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-08-02 16:37 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-08-01 15:11 [PATCH] xfs: avoid double free on xlog_recover_commit_trans error Eric Sandeen
2014-08-02 16:37 ` Eric Sandeen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox