xfs
[Top] [All Lists]

Re: [PATCH 3/4] xfs: fix double free in xlog_recover_commit_trans

To: Dave Chinner <david@xxxxxxxxxxxxx>
Subject: Re: [PATCH 3/4] xfs: fix double free in xlog_recover_commit_trans
From: Brian Foster <bfoster@xxxxxxxxxx>
Date: Tue, 26 Aug 2014 08:42:31 -0400
Cc: xfs@xxxxxxxxxxx
Delivered-to: xfs@xxxxxxxxxxx
In-reply-to: <1409016101-9511-4-git-send-email-david@xxxxxxxxxxxxx>
References: <1409016101-9511-1-git-send-email-david@xxxxxxxxxxxxx> <1409016101-9511-4-git-send-email-david@xxxxxxxxxxxxx>
User-agent: Mutt/1.5.23 (2014-03-12)
On Tue, Aug 26, 2014 at 11:21:40AM +1000, Dave Chinner wrote:
> From: Dave Chinner <dchinner@xxxxxxxxxx>
> 
> When an error occurs during buffer submission in
> xlog_recover_commit_trans(), we free the trans structure twice. Fix
> it by only freeing the structure in the caller regardless of the
> success or failure of the function.
> 
> Signed-off-by: Dave Chinner <dchinner@xxxxxxxxxx>
> ---
>  fs/xfs/xfs_log_recover.c | 10 +++++++---
>  1 file changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/fs/xfs/xfs_log_recover.c b/fs/xfs/xfs_log_recover.c
> index 460cf98..23895d5 100644
> --- a/fs/xfs/xfs_log_recover.c
> +++ b/fs/xfs/xfs_log_recover.c
> @@ -3524,8 +3524,6 @@ out:
>       if (!list_empty(&done_list))
>               list_splice_init(&done_list, &trans->r_itemq);
>  
> -     xlog_recover_free_trans(trans);
> -
>       error2 = xfs_buf_delwri_submit(&buffer_list);
>       return error ? error : error2;
>  }
> @@ -3571,6 +3569,11 @@ xlog_recovery_process_ophdr(
>       if (flags & XLOG_WAS_CONT_TRANS)
>               flags &= ~XLOG_CONTINUE_TRANS;
>  
> +     /*
> +      * Callees must not free the trans structure. We own it, so we'll decide
> +      * if we need to free it or not based on the operation being done and
> +      * it's result.

           its

> +      */
>       switch (flags) {
>       /* expected flag values */
>       case 0:
> @@ -3582,7 +3585,8 @@ xlog_recovery_process_ophdr(
>               break;
>       case XLOG_COMMIT_TRANS:
>               error = xlog_recover_commit_trans(log, trans, pass);
> -             break;
> +             xlog_recover_free_trans(trans);
> +             return error;
>  
>       /* unexpected flag values */
>       case XLOG_UNMOUNT_TRANS:
> -- 
> 2.0.0
> 
> _______________________________________________
> xfs mailing list
> xfs@xxxxxxxxxxx
> http://oss.sgi.com/mailman/listinfo/xfs

<Prev in Thread] Current Thread [Next in Thread>