Btrfs: avoid double free of fs_info->qgroup_ulist When btrfs_read_qgroup_config or btrfs_quota_enable return non-zero, we've already freed the fs_info->qgroup_ulist. The final btrfs_free_qgroup_config called from quota_disable makes another ulist_free(fs_info->qgroup_ulist) call. We set fs_info->qgroup_ulist to NULL on the mentioned error paths, turning the ulist_free in btrfs_free_qgroup_config into a noop. Cc: Wang Shilong <wangsl-fnst@cn.fujitsu.com> Signed-off-by: Jan Schmidt <list.btrfs@jan-o-sch.net> Signed-off-by: Josef Bacik <jbacik@fusionio.com>

commit: eb1716af887375f1e2099f69bb89dfc5bd169bfa [log] [tgz]
author: Jan Schmidt <list.btrfs@jan-o-sch.net> Tue May 28 15:47:23 2013 +0000
committer: Josef Bacik <jbacik@fusionio.com> Fri Jun 14 11:30:08 2013 -0400
tree: 634461e97227d6d75b3e05f47567bd1d1478beb2
parent: 4373519db4dbca05341a60b28f6e159b106e4c4b [diff] [blame]
diff --git a/fs/btrfs/qgroup.c b/fs/btrfs/qgroup.c
index 74b432d..c6ce642 100644
--- a/fs/btrfs/qgroup.c
+++ b/fs/btrfs/qgroup.c

@@ -430,8 +430,10 @@
 	}
 	btrfs_free_path(path);
 
-	if (ret < 0)
+	if (ret < 0) {
 		ulist_free(fs_info->qgroup_ulist);
+		fs_info->qgroup_ulist = NULL;
+	}
 
 	return ret < 0 ? ret : 0;
 }
@@ -932,8 +934,10 @@
 		kfree(quota_root);
 	}
 out:
-	if (ret)
+	if (ret) {
 		ulist_free(fs_info->qgroup_ulist);
+		fs_info->qgroup_ulist = NULL;
+	}
 	mutex_unlock(&fs_info->qgroup_ioctl_lock);
 	return ret;
 }
commit	eb1716af887375f1e2099f69bb89dfc5bd169bfa	[log] [tgz]
author	Jan Schmidt <list.btrfs@jan-o-sch.net>	Tue May 28 15:47:23 2013 +0000
committer	Josef Bacik <jbacik@fusionio.com>	Fri Jun 14 11:30:08 2013 -0400
tree	634461e97227d6d75b3e05f47567bd1d1478beb2
parent	4373519db4dbca05341a60b28f6e159b106e4c4b [diff] [blame]