3.16.70-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Dan Robertson <dan@dlrobertson.com>

commit e49be14b8d80e23bb7c53d78c21717a474ade76b upstream.
The scrub_ctx csum_list member must be initialized before scrub_free_ctx is called. If the csum_list is not initialized beforehand, the list_empty call in scrub_free_csums will result in a null deref if the allocation fails in the for loop.
Fixes: a2de733c78fa ("btrfs: scrub")
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Dan Robertson <dan@dlrobertson.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
 fs/btrfs/scrub.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/btrfs/scrub.c +++ b/fs/btrfs/scrub.c @@ -417,6 +417,7 @@ struct scrub_ctx *scrub_setup_ctx(struct sctx->pages_per_rd_bio = pages_per_rd_bio; sctx->curr = -1; sctx->dev_root = dev->dev_root; + INIT_LIST_HEAD(&sctx->csum_list); for (i = 0; i < SCRUB_BIOS_PER_SCTX; ++i) { struct scrub_bio *sbio;
@@ -444,7 +445,6 @@ struct scrub_ctx *scrub_setup_ctx(struct atomic_set(&sctx->workers_pending, 0); atomic_set(&sctx->cancel_req, 0); sctx->csum_size = btrfs_super_csum_size(fs_info->super_copy); - INIT_LIST_HEAD(&sctx->csum_list);
spin_lock_init(&sctx->list_lock); spin_lock_init(&sctx->stat_lock);
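Review bot: the new INIT_LIST_HEAD(&sctx->csum_list) in the first hunk is only correct as long as it stays ahead of the `for (i = 0; i < SCRUB_BIOS_PER_SCTX; ++i)` loop, since (per the commit message) that loop's allocation-failure path calls scrub_free_ctx, which walks csum_list via list_empty; a one-line comment at the new location, e.g. "must be initialized before any path that calls scrub_free_ctx", would keep a later cleanup from drifting it back below the loop. While here, it is worth confirming that every other member scrub_free_ctx tears down is likewise in a valid state before the loop's first failure point, so the same class of bug is not left behind for a different field.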
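Review bot: dropping the original INIT_LIST_HEAD(&sctx->csum_list) in the second hunk, rather than leaving both calls, is the right companion change: a second initialization after the loop would be harmless today only because nothing is queued on csum_list between the two points, but it would silently discard a live list if that ever changes, and the backport note ("adjust context") should make clear the removal was kept intentionally and not lost in context adjustment.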