Eric Sandeen
2014-08-01 15:11:07 UTC
xlog_recover_process_data() frees the transaction on
any error out of the oh_flags switch statement, but
in the XLOG_COMMIT_TRANS / xlog_recover_commit_trans() case,
the transaction has already been freed in
xlog_recover_commit_trans() before the error is returned.
Avoid this by only freeing the transaction in
xlog_recover_commit_trans() if no error will be returned.
(Coverity spotted this)
Signed-off-by: Eric Sandeen <***@redhat.com>
---
diff --git a/fs/xfs/xfs_log_recover.c b/fs/xfs/xfs_log_recover.c
index 981af0f..e634ffd 100644
--- a/fs/xfs/xfs_log_recover.c
+++ b/fs/xfs/xfs_log_recover.c
@@ -3514,9 +3514,11 @@ out:
if (!list_empty(&done_list))
list_splice_init(&done_list, &trans->r_itemq);
- xlog_recover_free_trans(trans);
-
error2 = xfs_buf_delwri_submit(&buffer_list);
+ /* caller will free trans on error */
+ if (!error && !error2)
+ xlog_recover_free_trans(trans);
+
return error ? error : error2;
}
any error out of the oh_flags switch statement, but
in the XLOG_COMMIT_TRANS / xlog_recover_commit_trans() case,
the transaction has already been freed in
xlog_recover_commit_trans() before the error is returned.
Avoid this by only freeing the transaction in
xlog_recover_commit_trans() if no error will be returned.
(Coverity spotted this)
Signed-off-by: Eric Sandeen <***@redhat.com>
---
diff --git a/fs/xfs/xfs_log_recover.c b/fs/xfs/xfs_log_recover.c
index 981af0f..e634ffd 100644
--- a/fs/xfs/xfs_log_recover.c
+++ b/fs/xfs/xfs_log_recover.c
@@ -3514,9 +3514,11 @@ out:
if (!list_empty(&done_list))
list_splice_init(&done_list, &trans->r_itemq);
- xlog_recover_free_trans(trans);
-
error2 = xfs_buf_delwri_submit(&buffer_list);
+ /* caller will free trans on error */
+ if (!error && !error2)
+ xlog_recover_free_trans(trans);
+
return error ? error : error2;
}