Commit 011b28ac authored May 19, 2021 by Josef Bacik Committed by David Sterba May 27, 2021

btrfs: fixup error handling in fixup_inode_link_counts



This function has the following pattern

	while (1) {
		ret = whatever();
		if (ret)
			goto out;
	}
	ret = 0
out:
	return ret;

However several places in this while loop we simply break; when there's
a problem, thus clearing the return value, and in one case we do a
return -EIO, and leak the memory for the path.

Fix this by re-arranging the loop to deal with ret == 1 coming from
btrfs_search_slot, and then simply delete the

	ret = 0;
out:

bit so everybody can break if there is an error, which will allow for
proper error handling to occur.

CC: stable@vger.kernel.org # 4.4+
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>

parent d61bec08

fs/btrfs/tree-log.c

+7 −6

Original line number	Diff line number	Diff line
		@@ -1787,6 +1787,7 @@ static noinline int fixup_inode_link_counts(struct btrfs_trans_handle *trans,
		break;

		if (ret == 1) {
		ret = 0;
		if (path->slots[0] == 0)
		break;
		path->slots[0]--;
		@@ -1799,17 +1800,19 @@ static noinline int fixup_inode_link_counts(struct btrfs_trans_handle *trans,

		ret = btrfs_del_item(trans, root, path);
		if (ret)
		goto out;
		break;

		btrfs_release_path(path);
		inode = read_one_inode(root, key.offset);
		if (!inode)
		return -EIO;
		if (!inode) {
		ret = -EIO;
		break;
		}

		ret = fixup_inode_link_count(trans, root, inode);
		iput(inode);
		if (ret)
		goto out;
		break;

		/*
		* fixup on a directory may create new entries,
		@@ -1818,8 +1821,6 @@ static noinline int fixup_inode_link_counts(struct btrfs_trans_handle *trans,
		*/
		key.offset = (u64)-1;
		}
		ret = 0;
		out:
		btrfs_release_path(path);
		return ret;
		}