In btrfs_get_dev_args_from_path(), btrfs_get_bdev_and_sb() can fail if the
path is invalid. In this case, btrfs_get_dev_args_from_path() returns
directly without freeing args->uuid and args->fsid allocated before, which
causes memory leaks.
To fix these possible leaks, when btrfs_get_bdev_and_sb() fails,
btrfs_put_dev_args_from_path() is called to clean up the memory.
Fixes: faa775c41d655 ("btrfs: add a btrfs_get_dev_args_from_path helper")
Reported-by: TOTE Robot <[email protected]>
Signed-off-by: Zixuan Fu <[email protected]>
---
fs/btrfs/volumes.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
index 272901514b0c..064ab2a79c80 100644
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -2345,8 +2345,11 @@ int btrfs_get_dev_args_from_path(struct btrfs_fs_info *fs_info,
ret = btrfs_get_bdev_and_sb(path, FMODE_READ, fs_info->bdev_holder, 0,
&bdev, &disk_super);
- if (ret)
+ if (ret) {
+ btrfs_put_dev_args_from_path(args);
return ret;
+ }
+
args->devid = btrfs_stack_device_id(&disk_super->dev_item);
memcpy(args->uuid, disk_super->dev_item.uuid, BTRFS_UUID_SIZE);
if (btrfs_fs_incompat(fs_info, METADATA_UUID))
--
2.25.1
On Mon, Aug 15, 2022 at 11:16:06PM +0800, Zixuan Fu wrote:
> In btrfs_get_dev_args_from_path(), btrfs_get_bdev_and_sb() can fail if the
> path is invalid. In this case, btrfs_get_dev_args_from_path() returns
> directly without freeing args->uuid and args->fsid allocated before, which
> causes memory leaks.
>
> To fix these possible leaks, when btrfs_get_bdev_and_sb() fails,
> btrfs_put_dev_args_from_path() is called to clean up the memory.
>
> Fixes: faa775c41d655 ("btrfs: add a btrfs_get_dev_args_from_path helper")
> Reported-by: TOTE Robot <[email protected]>
> Signed-off-by: Zixuan Fu <[email protected]>
Reviewed-by: Boris Burkov <[email protected]>
> ---
> fs/btrfs/volumes.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
> index 272901514b0c..064ab2a79c80 100644
> --- a/fs/btrfs/volumes.c
> +++ b/fs/btrfs/volumes.c
> @@ -2345,8 +2345,11 @@ int btrfs_get_dev_args_from_path(struct btrfs_fs_info *fs_info,
>
> ret = btrfs_get_bdev_and_sb(path, FMODE_READ, fs_info->bdev_holder, 0,
> &bdev, &disk_super);
> - if (ret)
> + if (ret) {
> + btrfs_put_dev_args_from_path(args);
> return ret;
> + }
> +
> args->devid = btrfs_stack_device_id(&disk_super->dev_item);
> memcpy(args->uuid, disk_super->dev_item.uuid, BTRFS_UUID_SIZE);
> if (btrfs_fs_incompat(fs_info, METADATA_UUID))
> --
> 2.25.1
>
On Mon, Aug 15, 2022 at 11:16:06PM +0800, Zixuan Fu wrote:
> In btrfs_get_dev_args_from_path(), btrfs_get_bdev_and_sb() can fail if the
> path is invalid. In this case, btrfs_get_dev_args_from_path() returns
> directly without freeing args->uuid and args->fsid allocated before, which
> causes memory leaks.
>
> To fix these possible leaks, when btrfs_get_bdev_and_sb() fails,
> btrfs_put_dev_args_from_path() is called to clean up the memory.
>
> Fixes: faa775c41d655 ("btrfs: add a btrfs_get_dev_args_from_path helper")
> Reported-by: TOTE Robot <[email protected]>
> Signed-off-by: Zixuan Fu <[email protected]>
Added to misc-next, thanks.