xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
876d2cf141b42f9be70a383502a324b64b23f33a
android_kernel_xiaomi_sm8450/fs
History
Liu Bo 876d2cf141 Btrfs: fix double free of fs root 
I got this warning while mounting a btrfs image,

[ 3020.509606] ------------[ cut here ]------------
[ 3020.510107] WARNING: CPU: 3 PID: 5581 at lib/idr.c:1051 ida_remove+0xca/0x190
[ 3020.510853] ida_remove called for id=42 which is not allocated.
[ 3020.511466] Modules linked in:
[ 3020.511802] CPU: 3 PID: 5581 Comm: mount Not tainted 4.7.0-rc5+ #274
[ 3020.512438] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.2-20150714_191134- 04/01/2014
[ 3020.513385]  0000000000000286 0000000021295d86 ffff88006c66b8f0 ffffffff8182ba5a
[ 3020.514153]  0000000000000000 0000000000000009 ffff88006c66b930 ffffffff810e0ed7
[ 3020.514928]  0000041b00000000 ffffffff8289a8c0 ffff88007f437880 0000000000000000
[ 3020.515717] Call Trace:
[ 3020.515965]  [<ffffffff8182ba5a>] dump_stack+0xc9/0x13f
[ 3020.516487]  [<ffffffff810e0ed7>] __warn+0x147/0x160
[ 3020.517005]  [<ffffffff810e0f4f>] warn_slowpath_fmt+0x5f/0x80
[ 3020.517572]  [<ffffffff8182e6ca>] ida_remove+0xca/0x190
[ 3020.518075]  [<ffffffff813a2bcc>] free_anon_bdev+0x2c/0x60
[ 3020.518609]  [<ffffffff81657a9f>] free_fs_root+0x13f/0x160
[ 3020.519138]  [<ffffffff8165c679>] btrfs_get_fs_root+0x379/0x3d0
[ 3020.519710]  [<ffffffff81e6e975>] ? __mutex_unlock_slowpath+0x155/0x2c0
[ 3020.520366]  [<ffffffff816615b1>] open_ctree+0x2e91/0x3200
[ 3020.520965]  [<ffffffff8161ede2>] btrfs_mount+0x1322/0x15b0
[ 3020.521536]  [<ffffffff81e60e74>] ? kmemleak_alloc_percpu+0x44/0x170
[ 3020.522167]  [<ffffffff8115f5e1>] ? lockdep_init_map+0x61/0x210
[ 3020.522780]  [<ffffffff813a4f59>] mount_fs+0x49/0x2c0
[ 3020.523305]  [<ffffffff813d840c>] vfs_kern_mount+0xac/0x1b0
[ 3020.523872]  [<ffffffff8161dee1>] btrfs_mount+0x421/0x15b0
[ 3020.524402]  [<ffffffff81e60e74>] ? kmemleak_alloc_percpu+0x44/0x170
[ 3020.525045]  [<ffffffff8115f5e1>] ? lockdep_init_map+0x61/0x210
[ 3020.525657]  [<ffffffff8115f5e1>] ? lockdep_init_map+0x61/0x210
[ 3020.526289]  [<ffffffff813a4f59>] mount_fs+0x49/0x2c0
[ 3020.526803]  [<ffffffff813d840c>] vfs_kern_mount+0xac/0x1b0
[ 3020.527365]  [<ffffffff813dc27a>] do_mount+0x41a/0x1770
[ 3020.527899]  [<ffffffff812e800d>] ? strndup_user+0x6d/0xc0
[ 3020.528447]  [<ffffffff812e7f68>] ? memdup_user+0x78/0xb0
[ 3020.528987]  [<ffffffff813ddad0>] SyS_mount+0x150/0x160
[ 3020.529493]  [<ffffffff81e72b7c>] entry_SYSCALL_64_fastpath+0x1f/0xbd

It turns out that we free fs root twice, btrfs_init_fs_root() calls
free_anon_bdev(root->anon_dev) and later then btrfs_get_fs_root() cals
free_fs_root which does another free_anon_bdev() and it ends up with the
above warning.

Instead of reset root->anon_dev to 0 after free_anon_bdev(), we can let
btrfs_init_fs_root() return directly since its callers have already done
the free job by calling free_fs_root().

Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Reviewed-by: Chandan Rajendra <chandan@linux.vnet.ibm.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2016-07-26 13:52:25 +02:00
..
9p
9p: use file_dentry()
2016-06-30 23:28:09 -04:00
adfs
fs/adfs/adfs.h: tidy up comments
2016-01-20 17:09:18 -08:00
affs
affs: fix remount failure when there are no options changed
2016-05-28 16:50:24 -07:00
afs
remove lots of IS_ERR_VALUE abuses
2016-05-27 15:26:11 -07:00
autofs4
autofs: don't get stuck in a loop if vfs_write() returns an error
2016-06-24 17:23:52 -07:00
befs
fs/befs/io.c:befs_bread(): remove unneeded initialization to NULL
2016-05-23 17:04:14 -07:00
bfs
more trivial ->iterate_shared conversions
2016-05-09 11:41:14 -04:00
btrfs
Btrfs: fix double free of fs root
2016-07-26 13:52:25 +02:00
cachefiles
FS-Cache: make check_consistency callback return int
2016-06-01 10:29:39 +02:00
ceph
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2016-07-01 15:20:11 -07:00
cifs
File names with trailing period or space need special case conversion
2016-06-24 12:05:52 -05:00
coda
introduce a parallel variant of ->iterate()
2016-05-02 19:49:29 -04:00
configfs
configfs_readdir(): make safe under shared lock
2016-05-09 11:41:13 -04:00
cramfs
more trivial ->iterate_shared conversions
2016-05-09 11:41:14 -04:00
crypto
fscrypto/f2fs: allow fs-specific key prefix for fs encryption
2016-05-07 10:32:33 -07:00
debugfs
debugfs: open_proxy_open(): avoid double fops release
2016-06-15 04:56:35 -07:00
devpts
devpts: Make each mount of devpts an independent filesystem.
2016-06-05 10:36:01 -07:00
dlm
mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros
2016-04-04 10:41:08 -07:00
ecryptfs
Merge branch 'stacking-fixes' (vfs stacking fixes from Jann)
2016-06-10 12:10:02 -07:00
efivarfs
fs/efivarfs/inode.c: use generic UUID library
2016-05-20 17:58:30 -07:00
efs
fs/efs/super.c: fix return value
2016-05-20 17:58:30 -07:00
exofs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial
2016-05-17 17:05:30 -07:00
exportfs
introduce a parallel variant of ->iterate()
2016-05-02 19:49:29 -04:00
ext2
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2016-05-27 17:14:05 -07:00
ext4
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2016-05-27 17:14:05 -07:00
f2fs
switch xattr_handler->set() to passing dentry and inode separately
2016-05-27 15:39:43 -04:00
fat
Merge branch 'work.preadv2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2016-05-17 15:05:23 -07:00
freevxfs
more trivial ->iterate_shared conversions
2016-05-09 11:41:14 -04:00
fscache
FS-Cache: wake write waiter after invalidating writes
2016-06-01 10:29:09 +02:00
fuse
fuse: serialize dirops by default
2016-06-30 13:10:49 +02:00
gfs2
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2016-05-27 17:14:05 -07:00
hfs
switch ->setxattr() to passing dentry and inode separately
2016-05-27 20:09:16 -04:00
hfsplus
switch xattr_handler->set() to passing dentry and inode separately
2016-05-27 15:39:43 -04:00
hostfs
hostfs: switch to ->iterate_shared()
2016-05-12 19:49:30 -04:00
hpfs
hpfs: implement the show_options method
2016-05-28 16:50:24 -07:00
hugetlbfs
mm, fs: remove remaining PAGE_CACHE_* and page_cache_{get,release} usage
2016-04-04 10:41:08 -07:00
isofs
Merge branch 'ovl-fixes' into for-linus
2016-05-11 00:00:29 -04:00
jbd2
jbd2: get rid of superfluous __GFP_REPEAT
2016-06-24 17:23:52 -07:00
jffs2
switch xattr_handler->set() to passing dentry and inode separately
2016-05-27 15:39:43 -04:00
jfs
switch xattr_handler->set() to passing dentry and inode separately
2016-05-27 15:39:43 -04:00
kernfs
switch ->setxattr() to passing dentry and inode separately
2016-05-27 20:09:16 -04:00
lockd
lockd: unregister notifier blocks if the service fails to come up completely
2016-06-30 16:35:07 -04:00
logfs
logfs: no need to lock directory in lseek
2016-05-09 11:42:19 -04:00
minix
simple local filesystems: switch to ->iterate_shared()
2016-05-02 19:49:32 -04:00
ncpfs
mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros
2016-04-04 10:41:08 -07:00
nfs
NFS: Fix another OPEN_DOWNGRADE bug
2016-06-28 16:55:34 -04:00
nfs_common
nfsd
nfsd: check permissions when setting ACLs
2016-06-24 12:11:52 -04:00
nilfs2
fs/nilfs2: fix potential underflow in call to crc32_le
2016-06-24 17:23:52 -07:00
nls
notify
fsnotify: avoid spurious EMFILE errors from inotify_init()
2016-05-19 19:12:14 -07:00
ntfs
fs: simplify the generic_write_sync prototype
2016-05-01 19:58:39 -04:00
ocfs2
ocfs2: disable BUG assertions in reading blocks
2016-06-24 17:23:52 -07:00
omfs
more trivial ->iterate_shared conversions
2016-05-09 11:41:14 -04:00
openpromfs
more trivial ->iterate_shared conversions
2016-05-09 11:41:14 -04:00
orangefs
switch xattr_handler->set() to passing dentry and inode separately
2016-05-27 15:39:43 -04:00
overlayfs
ovl: warn instead of error if d_type is not supported
2016-07-03 09:39:31 +02:00
proc
Merge branch 'stacking-fixes' (vfs stacking fixes from Jann)
2016-06-10 12:10:02 -07:00
pstore
mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros
2016-04-04 10:41:08 -07:00
qnx4
more trivial ->iterate_shared conversions
2016-05-09 11:41:14 -04:00
qnx6
more trivial ->iterate_shared conversions
2016-05-09 11:41:14 -04:00
quota
fs/quota: use nla_put_u64_64bit()
2016-04-26 12:00:48 -04:00
ramfs
tmpfs/ramfs: fix VM_MAYSHARE mappings for NOMMU
2016-05-20 17:58:30 -07:00
reiserfs
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
2016-06-19 07:05:14 -10:00
romfs
romfs, squashfs: switch to ->iterate_shared()
2016-05-09 11:41:15 -04:00
squashfs
romfs, squashfs: switch to ->iterate_shared()
2016-05-09 11:41:15 -04:00
sysfs
Merge tag 'chrome-platform-4.4' of git://git.kernel.org/pub/scm/linux/kernel/git/olof/chrome-platform
2015-11-13 21:53:18 -08:00
sysv
simple local filesystems: switch to ->iterate_shared()
2016-05-02 19:49:32 -04:00
tracefs
wrappers for ->i_mutex access
2016-01-22 18:04:28 -05:00
ubifs
UBIFS: Implement ->migratepage()
2016-06-23 00:29:53 +02:00
udf
udf: Use correct partition reference number for metadata
2016-05-19 13:00:35 +02:00
ufs
simple local filesystems: switch to ->iterate_shared()
2016-05-02 19:49:32 -04:00
xfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2016-05-27 17:14:05 -07:00
aio.c
aio: make aio_setup_ring killable
2016-05-23 17:04:14 -07:00
anon_inodes.c
attr.c
wrappers for ->i_mutex access
2016-01-22 18:04:28 -05:00
bad_inode.c
switch ->setxattr() to passing dentry and inode separately
2016-05-27 20:09:16 -04:00
binfmt_aout.c
fs: fix binfmt_aout.c build error
2016-05-28 16:34:59 -07:00
binfmt_elf_fdpic.c
coredump: fix dumping through pipes
2016-06-07 22:07:09 -04:00
binfmt_elf.c
coredump: fix dumping through pipes
2016-06-07 22:07:09 -04:00
binfmt_em86.c
binfmt_flat.c
remove lots of IS_ERR_VALUE abuses
2016-05-27 15:26:11 -07:00
binfmt_misc.c
wrappers for ->i_mutex access
2016-01-22 18:04:28 -05:00
binfmt_script.c
block_dev.c
Merge tag 'dax-misc-for-4.7' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm
2016-05-26 19:34:26 -07:00
buffer.c
mm, page_alloc: avoid looking up the first zone in a zonelist twice
2016-05-19 19:12:14 -07:00
char_dev.c
chrdev: emit a warning when we go below dynamic major range
2016-03-29 10:11:44 -07:00
compat_binfmt_elf.c
compat_ioctl.c
Merge 4.5-rc4 into char-misc-next
2016-02-14 14:25:59 -08:00
compat.c
Merge tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4
2016-05-24 12:55:26 -07:00
coredump.c
coredump: fix dumping through pipes
2016-06-07 22:07:09 -04:00
dax.c
dax: fix offset overflow in dax_io
2016-06-27 12:18:44 -07:00
dcache.c
fix idiotic braino in d_alloc_parallel()
2016-06-20 10:07:42 -04:00
dcookies.c
direct-io.c
direct-io: fix direct write stale data exposure from concurrent buffered read
2016-05-27 14:49:37 -07:00
drop_caches.c
eventfd.c
eventfd: document lockless access in eventfd_poll
2016-03-22 15:36:02 -07:00
eventpoll.c
fs: poll/select/recvmmsg: use timespec64 for timeout events
2016-05-19 19:12:14 -07:00
exec.c
exec: make exec path waiting for mmap_sem killable
2016-05-23 17:04:14 -07:00
fcntl.c
fcntl: allow to set O_DIRECT flag on pipe
2016-01-09 02:55:37 -05:00
fhandle.c
fs/coredump: prevent fsuid=0 dumps into user-controlled directories
2016-03-22 15:36:02 -07:00
file_table.c
file.c
give readdir(2)/getdents(2)/etc. uniform exclusion with lseek()
2016-05-02 19:49:28 -04:00
filesystems.c
find_filesystem(): simplify comparison
2016-01-19 12:02:23 -05:00
fs_pin.c
fs_struct.c
fs-writeback.c
mm,writeback: don't use memory reserves for wb_start_writeback
2016-05-20 17:58:30 -07:00
inode.c
parallel lookups: actual switch to rwsem
2016-05-02 19:49:28 -04:00
internal.h
much milder d_walk() race
2016-06-10 11:32:47 -04:00
ioctl.c
wrappers for ->i_mutex access
2016-01-22 18:04:28 -05:00
Kconfig
dax: Make huge page handling depend of CONFIG_BROKEN
2016-05-19 15:13:17 -06:00
Kconfig.binfmt
ELF/MIPS build fix
2016-05-23 17:04:14 -07:00
libfs.c
lockless next_positive()
2016-06-20 17:11:29 -04:00
locks.c
locks: use file_inode()
2016-07-01 10:24:18 -04:00
Makefile
Merge tag 'ofs-pull-tag-1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux
2016-03-26 12:59:04 -07:00
mbcache.c
mbcache: add reusable flag to cache entries
2016-02-22 22:44:04 -05:00
mount.h
mpage.c
mm, fs: remove remaining PAGE_CACHE_* and page_cache_{get,release} usage
2016-04-04 10:41:08 -07:00
namei.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2016-06-07 20:41:36 -07:00
namespace.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2016-07-01 15:20:11 -07:00
no-block.c
nsfs.c
open.c
Merge branch 'work.const-path' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2016-05-17 14:41:03 -07:00
pipe.c
mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros
2016-04-04 10:41:08 -07:00
pnode.c
propogate_mnt: Handle the first propogated copy being a slave
2016-05-05 09:54:45 -05:00
pnode.h
posix_acl.c
posix_acl: Add set_posix_acl
2016-06-24 12:11:34 -04:00
proc_namespace.c
vfs: show_vfsstat: do not ignore errors from show_devname method
2016-03-16 13:09:08 -04:00
read_write.c
Merge branch 'work.iov_iter' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2016-05-18 11:46:23 -07:00
readdir.c
restore killability of old mutex_lock_killable(&inode->i_mutex) users
2016-05-26 00:13:25 -04:00
select.c
fs: poll/select/recvmmsg: use timespec64 for timeout events
2016-05-19 19:12:14 -07:00
seq_file.c
Make file credentials available to the seqfile interfaces
2016-04-14 12:56:09 -07:00
signalfd.c
splice.c
Merge branch 'ovl-fixes' into for-linus
2016-05-11 00:00:29 -04:00
stack.c
stat.c
fs/stat.c: drop the last new_valid_dev check
2016-01-16 11:17:23 -08:00
statfs.c
super.c
Merge branch 'master' into for-next
2016-04-18 11:18:55 +02:00
sync.c
mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros
2016-04-04 10:41:08 -07:00
timerfd.c
timerfd: Handle relative timers with CONFIG_TIME_LOW_RES proper
2016-01-17 11:13:55 +01:00
userfaultfd.c
userfaultfd: don't pin the user memory in userfaultfd_file_create()
2016-05-20 17:58:30 -07:00
utimes.c
wrappers for ->i_mutex access
2016-01-22 18:04:28 -05:00
xattr.c
switch ->setxattr() to passing dentry and inode separately
2016-05-27 20:09:16 -04:00