projects / firefly-linux-kernel-4.4.55.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Btrfs: fix a double free on pending snapshots in error handling
[firefly-linux-kernel-4.4.55.git] / fs / btrfs / ioctl.c
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index 8fcf9a59c28d08c5c8a6c65e34844e321ca2b66c..e262cd8c4a7d9132880ab75ad5ca4adf63f86f20 100644 (file)
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -571,8 +571,12 @@ static int create_snapshot(struct btrfs_root *root, struct dentry *dentry,
                ret = btrfs_commit_transaction(trans,
                                               root->fs_info->extent_root);
        }
-       if (ret)
+       if (ret) {
+               /* cleanup_transaction has freed this for us */
+               if (trans->aborted)
+                       pending_snapshot = NULL;
                goto fail;
+       }
 
        ret = pending_snapshot->error;
        if (ret)
@@ -1409,7 +1413,7 @@ static noinline int btrfs_ioctl_resize(struct btrfs_root *root,
                btrfs_commit_transaction(trans, root);
        } else if (new_size < old_size) {
                ret = btrfs_shrink_device(device, new_size);
-       }
+       } /* equal, nothing need to do */
 
 out_free:
        kfree(vol_args);
Unnamed repository; edit this file 'description' to name the repository.