Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp3870384ybz; Mon, 4 May 2020 11:13:26 -0700 (PDT) X-Google-Smtp-Source: APiQypJ3Kl/IVo7cBJqWmSztxP5fa5WZJXHekyjfZfnlbLYTjYr46fADbm8rHwSdrIZjUqNj3dtc X-Received: by 2002:a50:fb92:: with SMTP id e18mr15390269edq.177.1588616006083; Mon, 04 May 2020 11:13:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1588616006; cv=none; d=google.com; s=arc-20160816; b=jYyqaOYkBJtTHFIpRa1VVTGWT11/hwhxMT1i8rUl8AB7HN/fXxWRruo6zjf5NuUbZW MclYzENUAPkwj72Ftko1RzKyL7EEPE3W6zXWVmFyF35rKAHtie5eG6Qy8tWT8F5+ZYjh MEXFuGiIpmH3JRo7A4DSUwh7ypvJEvSFQmSh6pbdwXqm8K4YmrqBraQ8DPp+rkQPRWpT mxejGC7cKUbB7swfs7HBM3HAXoL2izUMszSN2O2vYs3FfE4ObyxZ1zwTRAoGdDF2QpLA lTQPdnbkbZz73svcrqDPB7FLADE884G0xFLDQqNsNDoZ3DvSE67UDcrD3bzdQPHaPHfS Tr9A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=lbkarCgd7nyviBP7Bl/gCdDr2qdbDXCBh0MAMLQiucI=; b=Hnd2XmC7pWRNzphddAz5fv2s2yV0NwRFqpfBKobBQLUGvSRmhwlwYi542JjN+zsxlD 2G2Q+6A88coN5oMKAKiAcXxnxuSnm/PINns2mxo7tIs457WOZR2k7v/jk6VXUdJgKxvW zopiE6c2t+sCyAQQ54I/B1cUre6wY4khW7q1S5A0sYcSwv3yOiq87lF9M6D6pK7+8HRP 1BPMOWpxxCTueYJxBjnCBIMMuqIgdWFc+wn0ObogPGdL3BGsEVrpJh6JJC9UBzrXN33l 9QZZ9kPW9sfKfuJtpPi53t1kSrMoRC+BBea6G13kgE+7zMNKkqz8iyudHJ3Cb319ftlB ZvuA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=2JGLZWsY; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id s26si6624636edq.433.2020.05.04.11.13.01; Mon, 04 May 2020 11:13:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=2JGLZWsY; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732339AbgEDSKe (ORCPT + 99 others); Mon, 4 May 2020 14:10:34 -0400 Received: from mail.kernel.org ([198.145.29.99]:34950 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731782AbgEDSFO (ORCPT ); Mon, 4 May 2020 14:05:14 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 99D53206B8; Mon, 4 May 2020 18:05:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1588615514; bh=o4bXWZrQJV80Xcf2zwTBo3dnICBBFbRYrxHVjZPcjNA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=2JGLZWsYCjyxp1mZ45OB4Ca/x7IHWCT0C3Q/rq5NRJ826v8kWOpywTUmUFibJBgIV oM/b5svi0bcsXIKNYa95+fEitP3iqiRF98B4gOnc9VriB365qNpptD8Am9ce1/RpYN SowSKpfn/YchMy5Ux3GPMkc7JY49cluVLBuyN12c= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Filipe Manana , Xiyu Yang , Xin Tan , David Sterba Subject: [PATCH 5.6 12/73] btrfs: fix transaction leak in btrfs_recover_relocation Date: Mon, 4 May 2020 19:57:15 +0200 Message-Id: <20200504165504.238322681@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200504165501.781878940@linuxfoundation.org> References: <20200504165501.781878940@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Xiyu Yang commit 1402d17dfd9657be0da8458b2079d03c2d61c86a upstream. btrfs_recover_relocation() invokes btrfs_join_transaction(), which joins a btrfs_trans_handle object into transactions and returns a reference of it with increased refcount to "trans". When btrfs_recover_relocation() returns, "trans" becomes invalid, so the refcount should be decreased to keep refcount balanced. The reference counting issue happens in one exception handling path of btrfs_recover_relocation(). When read_fs_root() failed, the refcnt increased by btrfs_join_transaction() is not decreased, causing a refcnt leak. Fix this issue by calling btrfs_end_transaction() on this error path when read_fs_root() failed. Fixes: 79787eaab461 ("btrfs: replace many BUG_ONs with proper error handling") CC: stable@vger.kernel.org # 4.4+ Reviewed-by: Filipe Manana Signed-off-by: Xiyu Yang Signed-off-by: Xin Tan Signed-off-by: David Sterba Signed-off-by: Greg Kroah-Hartman --- fs/btrfs/relocation.c | 1 + 1 file changed, 1 insertion(+) --- a/fs/btrfs/relocation.c +++ b/fs/btrfs/relocation.c @@ -4614,6 +4614,7 @@ int btrfs_recover_relocation(struct btrf if (IS_ERR(fs_root)) { err = PTR_ERR(fs_root); list_add_tail(&reloc_root->root_list, &reloc_roots); + btrfs_end_transaction(trans); goto out_unset; }