nilfs2: fix buffer head leak in nilfs_btnode_submit_block
nilfs_btnode_submit_block() refers to buffer head just before returning from the function, but it releases the buffer head earlier than that if nilfs_dat_translate() gets an error. This has potential for oops in the erroneous case. This fixes the issue. Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
This commit is contained in:
parent
7c397a81fe
commit
f8e6cc013b
|
@ -100,6 +100,7 @@ int nilfs_btnode_submit_block(struct address_space *btnc, __u64 blocknr,
|
|||
{
|
||||
struct buffer_head *bh;
|
||||
struct inode *inode = NILFS_BTNC_I(btnc);
|
||||
struct page *page;
|
||||
int err;
|
||||
|
||||
bh = nilfs_grab_buffer(inode, btnc, blocknr, 1 << BH_NILFS_Node);
|
||||
|
@ -107,6 +108,7 @@ int nilfs_btnode_submit_block(struct address_space *btnc, __u64 blocknr,
|
|||
return -ENOMEM;
|
||||
|
||||
err = -EEXIST; /* internal code */
|
||||
page = bh->b_page;
|
||||
|
||||
if (buffer_uptodate(bh) || buffer_dirty(bh))
|
||||
goto found;
|
||||
|
@ -143,8 +145,8 @@ found:
|
|||
*pbh = bh;
|
||||
|
||||
out_locked:
|
||||
unlock_page(bh->b_page);
|
||||
page_cache_release(bh->b_page);
|
||||
unlock_page(page);
|
||||
page_cache_release(page);
|
||||
return err;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue