    btrfs: Handle uninitialised inode eviction · 3d48d981
    Nikolay Borisov authored
    The code flow in btrfs_new_inode allows for btrfs_evict_inode to be
    called with a not fully initialised inode (e.g. the ->root member not
    being set). This can happen when btrfs_set_inode_index in
    btrfs_new_inode fails, which in turn would call iput for the newly
    allocated inode. This in turn leads to the VFS calling into btrfs_evict_inode,
    which leads to a null pointer dereference. To handle this situation, check whether
    the passed inode has root set and just free it in case it doesn't.
    Signed-off-by: Nikolay Borisov <kernel@kyup.com>
    Reviewed-by: Josef Bacik <jbacik@fb.com>
    Signed-off-by: David Sterba <dsterba@suse.com>
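The failure mode in the commit message is a general one: an object's teardown hook becomes reachable before its initialisation has finished, and the teardown assumes fields that were never set. The user-space model below is an added example, not the kernel's btrfs or VFS code; the function names mirror those in the commit message but the structs, the counters, and the fail_set_inode_index hook are simplified stand-ins chosen for illustration. It reproduces the ordering that causes the problem (the index step runs before ->root is assigned, and its failure goes through iput) and shows the shape of the fix: the evict path checks for a NULL root and frees the inode without touching anything that was never initialised.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins (assumption: not the real btrfs/VFS definitions). */
struct btrfs_root {
    const char *name;
};

struct inode {
    struct btrfs_root *root;  /* stays NULL until btrfs_new_inode assigns it */
    unsigned long ino;
    int index_set;
};

/* Observable side effects of the eviction path. */
static int evict_full_teardowns;  /* evictions that ran the normal path */
static int evict_early_frees;     /* evictions that hit the NULL-root guard */

/* Hypothetical test hook: make the index step fail, as an allocation or
 * I/O error would in the real function. */
static int fail_set_inode_index;

static int btrfs_set_inode_index(struct inode *inode)
{
    if (fail_set_inode_index)
        return -ENOMEM;
    inode->index_set = 1;
    return 0;
}

/* Model of the eviction callback. The guard on ->root is the shape of the
 * fix: an inode whose initialisation never finished has no root and no
 * state to tear down, so it is only freed. Without the guard, the normal
 * path below dereferences a NULL root. */
static void btrfs_evict_inode(struct inode *inode)
{
    if (!inode->root) {
        evict_early_frees++;
        free(inode);
        return;
    }
    /* Normal path: the real code uses the root for transactions, truncation
     * and orphan handling; modelled here by a single dereference. */
    printf("evicting ino %lu from root %s\n", inode->ino, inode->root->name);
    evict_full_teardowns++;
    free(inode);
}

/* Dropping the last reference makes the VFS call the filesystem's evict hook. */
static void iput(struct inode *inode)
{
    btrfs_evict_inode(inode);
}

/* Model of btrfs_new_inode: the index is allocated BEFORE ->root is set,
 * so a failure there hands a half-initialised inode to iput(). */
static struct inode *btrfs_new_inode(struct btrfs_root *root, int *err)
{
    struct inode *inode = calloc(1, sizeof(*inode));

    if (!inode) {
        *err = -ENOMEM;
        return NULL;
    }
    *err = btrfs_set_inode_index(inode);
    if (*err) {
        iput(inode); /* -> btrfs_evict_inode() with inode->root == NULL */
        return NULL;
    }
    inode->root = root;
    inode->ino = 257;
    return inode;
}

/* Drive the failing path; returns the error btrfs_new_inode reported. */
int create_with_failing_index(void)
{
    struct btrfs_root root = { "fs_tree" };
    struct inode *inode;
    int err = 0;

    fail_set_inode_index = 1;
    inode = btrfs_new_inode(&root, &err);
    fail_set_inode_index = 0;
    if (inode) {
        iput(inode);
        return 0;
    }
    return err;
}

/* Drive the normal path: create, then drop the only reference. */
int create_and_evict_ok(void)
{
    struct btrfs_root root = { "fs_tree" };
    int err = 0;
    struct inode *inode = btrfs_new_inode(&root, &err);

    if (!inode)
        return err;
    iput(inode);
    return 0;
}

int main(void)
{
    printf("failing create: %d, early frees: %d\n",
           create_with_failing_index(), evict_early_frees);
    printf("normal create: %d, full teardowns: %d\n",
           create_and_evict_ok(), evict_full_teardowns);
    return 0;
}
```

The two driver functions exercise both sides of the guard: with the index step forced to fail, the inode reaches btrfs_evict_inode with root still NULL and is freed by the early return; on the normal path the root is set and the full teardown runs. Removing the `if (!inode->root)` block makes the first case dereference NULL, which is the crash the commit describes.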
inode.c 282 KB