Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 38227933 authored by Josef Bacik's avatar Josef Bacik
Browse files

Btrfs: set trans to null in reserve_metadata_bytes if we commit the transaction 



btrfs_commit_transaction will free our trans, but because we pass trans to
shrink_delalloc we could possibly have a use after free situation.  So instead
if we commit the transaction, set trans to null and set committed to true so we
don't keep trying to commit a transaction.  This fixes a panic I could reproduce
at will.  Thanks,

Signed-off-by: default avatarJosef Bacik <josef@redhat.com>
parent 0e78340f

fs/btrfs/extent-tree.c

+6 −3
Original line number Diff line number Diff line
@@ -3157,6 +3157,7 @@ static int reserve_metadata_bytes(struct btrfs_trans_handle *trans, 
	int retries = 0;

	int ret = 0;

	bool reserved = false;

	bool committed = false;



again:

	ret = -ENOSPC;
@@ -3249,17 +3250,19 @@ static int reserve_metadata_bytes(struct btrfs_trans_handle *trans, 
		goto out;



	ret = -EAGAIN;

	if (trans)

	if (trans || committed)

		goto out;





	ret = -ENOSPC;

	trans = btrfs_join_transaction(root, 1);

	if (IS_ERR(trans))

		goto out;

	ret = btrfs_commit_transaction(trans, root);

	if (!ret)

	if (!ret) {

		trans = NULL;

		committed = true;

		goto again;

	}



out:

	if (reserved) {