Btrfs: open_ctree() error handling can oops on fs_info
a bug in open_ctree:
struct btrfs_root *open_ctree(..)
{
....
if (!extent_root || !tree_root || !fs_info ||
!chunk_root || !dev_root || !csum_root) {
err = -ENOMEM;
goto fail;
//When code flow goes to "fail", fs_info may be NULL or uninitialized.
}
....
fail:
btrfs_close_devices(fs_info->fs_devices);// !
btrfs_mapping_tree_free(&fs_info->mapping_tree);// !
kfree(extent_root);
kfree(tree_root);
bdi_destroy(&fs_info->bdi);// !
...
)
Signed-off-by: Qinghuang Feng <qhfeng.kernel@gmail.com>
Signed-off-by: Chris Mason <chris.mason@oracle.com>
1 file changed