From: Naohiro Aota <naohiro.aota@wdc.com>
Date: Fri, 25 Aug 2017 05:15:14 +0000 (+0900)
Subject: btrfs: fix NULL pointer dereference from free_reloc_roots()
X-Git-Tag: C0P2-H0.0--20200415~7350
X-Git-Url: https://git.somdevices.com/?a=commitdiff_plain;h=b86b6c226beafc28d5935ebb99590348cb48b633;p=linux.git

btrfs: fix NULL pointer dereference from free_reloc_roots()

commit bb166d7207432d3c7d10c45dc052f12ba3a2121d upstream.

__del_reloc_root should be called before freeing up reloc_root->node.
If not, calling __del_reloc_root() dereference reloc_root->node, causing
the system BUG.

Fixes: 6bdf131fac23 ("Btrfs: don't leak reloc root nodes on error")
Signed-off-by: Naohiro Aota <naohiro.aota@wdc.com>
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c
index 2cf5e142675e..04c61bcf62e5 100644
--- a/fs/btrfs/relocation.c
+++ b/fs/btrfs/relocation.c
@@ -2367,11 +2367,11 @@ void free_reloc_roots(struct list_head *list)
 	while (!list_empty(list)) {
 		reloc_root = list_entry(list->next, struct btrfs_root,
 					root_list);
+		__del_reloc_root(reloc_root);
 		free_extent_buffer(reloc_root->node);
 		free_extent_buffer(reloc_root->commit_root);
 		reloc_root->node = NULL;
 		reloc_root->commit_root = NULL;
-		__del_reloc_root(reloc_root);
 	}
 }