• Xiyu Yang's avatar
    btrfs: fix block group leak when removing fails · f6033c5e
    Xiyu Yang authored
    btrfs_remove_block_group() invokes btrfs_lookup_block_group(), which
    returns a local reference of the block group that contains the given
    bytenr to "block_group" with increased refcount.
    
    When btrfs_remove_block_group() returns, "block_group" becomes invalid,
    so the refcount should be decreased to keep refcount balanced.
    
    The reference counting issue happens in several exception handling paths
    of btrfs_remove_block_group(). When those error scenarios occur such as
    btrfs_alloc_path() returns NULL, the function forgets to decrease its
    refcnt increased by btrfs_lookup_block_group() and will cause a refcnt
    leak.
    
    Fix this issue by jumping to "out_put_group" label and calling
    btrfs_put_block_group() when those error scenarios occur.
    
    CC: stable@vger.kernel.org # 4.4+
    Signed-off-by: default avatarXiyu Yang <xiyuyang19@fudan.edu.cn>
    Signed-off-by: default avatarXin Tan <tanxin.ctf@gmail.com>
    Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
    Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
    f6033c5e
block-group.c 95.3 KB