From: Josef Bacik josef@toxicpanda.com
commit fb2d83eefef4e1c717205bac71cb1941edf8ae11 upstream.
If we fail to load an fs root, or fail to start a transaction we can bail without unsetting the reloc control, which leads to problems later when we free the reloc control but still have it attached to the file system.
In the normal path we'll end up calling unset_reloc_control() twice, but all it does is set fs_info->reloc_control = NULL, and we can only have one balance at a time so it's not racey.
CC: stable@vger.kernel.org # 5.4+ Reviewed-by: Qu Wenruo wqu@suse.com Signed-off-by: Josef Bacik josef@toxicpanda.com Reviewed-by: David Sterba dsterba@suse.com Signed-off-by: David Sterba dsterba@suse.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- fs/btrfs/relocation.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)
--- a/fs/btrfs/relocation.c +++ b/fs/btrfs/relocation.c @@ -4584,9 +4584,8 @@ int btrfs_recover_relocation(struct btrf
trans = btrfs_join_transaction(rc->extent_root); if (IS_ERR(trans)) { - unset_reloc_control(rc); err = PTR_ERR(trans); - goto out_free; + goto out_unset; }
rc->merge_reloc_tree = 1; @@ -4606,7 +4605,7 @@ int btrfs_recover_relocation(struct btrf if (IS_ERR(fs_root)) { err = PTR_ERR(fs_root); list_add_tail(&reloc_root->root_list, &reloc_roots); - goto out_free; + goto out_unset; }
err = __add_reloc_root(reloc_root); @@ -4616,7 +4615,7 @@ int btrfs_recover_relocation(struct btrf
err = btrfs_commit_transaction(trans); if (err) - goto out_free; + goto out_unset;
merge_reloc_roots(rc);
@@ -4632,7 +4631,8 @@ out_clean: ret = clean_dirty_subvols(rc); if (ret < 0 && !err) err = ret; -out_free: +out_unset: + unset_reloc_control(rc); kfree(rc); out: if (!list_empty(&reloc_roots))