* [bug report] btrfs: refactor submit_compressed_extents()
@ 2021-10-06 8:54 Dan Carpenter
2021-10-06 12:13 ` David Sterba
0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2021-10-06 8:54 UTC (permalink / raw)
To: wqu; +Cc: linux-btrfs
Hello Qu Wenruo,
The patch 36976f50745d: "btrfs: refactor submit_compressed_extents()"
from Sep 27, 2021, leads to the following Smatch static checker
warning:
fs/btrfs/inode.c:1066 submit_compressed_extents()
error: dereferencing freed memory 'async_extent'
fs/btrfs/inode.c
1050 static noinline void submit_compressed_extents(struct async_chunk *async_chunk)
1051 {
1052 struct btrfs_inode *inode = BTRFS_I(async_chunk->inode);
1053 struct btrfs_fs_info *fs_info = inode->root->fs_info;
1054 struct async_extent *async_extent;
1055 u64 alloc_hint = 0;
1056 int ret = 0;
1057
1058 while (!list_empty(&async_chunk->extents)) {
1059 async_extent = list_entry(async_chunk->extents.next,
1060 struct async_extent, list);
1061 list_del(&async_extent->list);
1062
1063 ret = submit_one_async_extent(inode, async_chunk, async_extent,
^^^^^^^^^^^^
Freed here.
1064 &alloc_hint);
1065 /* Just for developer */
--> 1066 btrfs_debug(fs_info,
1067 "async extent submission failed root=%lld inode=%llu start=%llu len=%llu ret=%d",
1068 inode->root->root_key.objectid,
1069 btrfs_ino(inode), async_extent->start,
^^^^^^^^^^^^^^^^^^^
1070 async_extent->ram_size, ret);
^^^^^^^^^^^^^^^^^^^^^^
Use after free.
1071 }
1072 }
regards,
dan carpenter
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [bug report] btrfs: refactor submit_compressed_extents()
2021-10-06 8:54 [bug report] btrfs: refactor submit_compressed_extents() Dan Carpenter
@ 2021-10-06 12:13 ` David Sterba
0 siblings, 0 replies; 2+ messages in thread
From: David Sterba @ 2021-10-06 12:13 UTC (permalink / raw)
To: Dan Carpenter; +Cc: wqu, linux-btrfs
On Wed, Oct 06, 2021 at 11:54:24AM +0300, Dan Carpenter wrote:
> Hello Qu Wenruo,
>
> The patch 36976f50745d: "btrfs: refactor submit_compressed_extents()"
> from Sep 27, 2021, leads to the following Smatch static checker
> warning:
>
> fs/btrfs/inode.c:1066 submit_compressed_extents()
> error: dereferencing freed memory 'async_extent'
>
> fs/btrfs/inode.c
> 1050 static noinline void submit_compressed_extents(struct async_chunk *async_chunk)
> 1051 {
> 1052 struct btrfs_inode *inode = BTRFS_I(async_chunk->inode);
> 1053 struct btrfs_fs_info *fs_info = inode->root->fs_info;
> 1054 struct async_extent *async_extent;
> 1055 u64 alloc_hint = 0;
> 1056 int ret = 0;
> 1057
> 1058 while (!list_empty(&async_chunk->extents)) {
> 1059 async_extent = list_entry(async_chunk->extents.next,
> 1060 struct async_extent, list);
> 1061 list_del(&async_extent->list);
> 1062
> 1063 ret = submit_one_async_extent(inode, async_chunk, async_extent,
> ^^^^^^^^^^^^
> Freed here.
>
> 1064 &alloc_hint);
> 1065 /* Just for developer */
> --> 1066 btrfs_debug(fs_info,
> 1067 "async extent submission failed root=%lld inode=%llu start=%llu len=%llu ret=%d",
> 1068 inode->root->root_key.objectid,
> 1069 btrfs_ino(inode), async_extent->start,
> ^^^^^^^^^^^^^^^^^^^
>
> 1070 async_extent->ram_size, ret);
> ^^^^^^^^^^^^^^^^^^^^^^
> Use after free.
Thanks for the report, fix on the way.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-10-06 12:14 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-06 8:54 [bug report] btrfs: refactor submit_compressed_extents() Dan Carpenter
2021-10-06 12:13 ` David Sterba
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.