Attachment #364153 for bug #603620

View | Details | Raw Unified | Return to bug 603620
Collapse All | Expand All




After the roots are closed, root is freed. Yet close_ctree continues
to use it. It works generally because no new memory is allocated in
the interim, but with glibc malloc perturbing enabled, it crashes
every time. This is because root->fs_info points to garbage.
This patch uses the already-cached fs_info variable for the rest of
the accesses and fixes the crash.
--
disk-io.c |   10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
++ b/disk-io.c

	if (fs_info->csum_root->node)
		free_extent_buffer(fs_info->csum_root->node);

	if (fs_info->log_root_tree) {
		if (fs_info->log_root_tree->node)
			free_extent_buffer(fs_info->log_root_tree->node);
		free(fs_info->log_root_tree);
	}

	close_all_devices(fs_info);
	extent_io_tree_cleanup(&fs_info->extent_cache);
	extent_io_tree_cleanup(&fs_info->free_space_cache);
	extent_io_tree_cleanup(&fs_info->block_group_cache);

Return to bug 603620

Line Link Here

(-)file_not_specified_in_diff (-7 / +6 lines)
	After the roots are closed, root is freed. Yet close_ctree continues		After the roots are closed, root is freed. Yet close_ctree continues
1	to use it. It works generally because no new memory is allocated in	1	to use it. It works generally because no new memory is allocated in
2	the interim, but with glibc malloc perturbing enabled, it crashes	2	the interim, but with glibc malloc perturbing enabled, it crashes
3	every time. This is because root->fs_info points to garbage.	3	every time. This is because root->fs_info points to garbage.
4	This patch uses the already-cached fs_info variable for the rest of	4	This patch uses the already-cached fs_info variable for the rest of
5	the accesses and fixes the crash.	5	the accesses and fixes the crash.
6	--
7	disk-io.c \| 10 +++++-----	6	disk-io.c \| 10 +++++-----
8	1 file changed, 5 insertions(+), 5 deletions(-)	7	1 file changed, 5 insertions(+), 5 deletions(-)
9	-- a/disk-io.c	8	++ b/disk-io.c
Lines 971-983 int close_ctree(struct btrfs_root *root) Link Here
971	if (fs_info->csum_root->node)	971	if (fs_info->csum_root->node)
972	free_extent_buffer(fs_info->csum_root->node);	972	free_extent_buffer(fs_info->csum_root->node);
973		973
974	if (root->fs_info->log_root_tree) {	974	if (fs_info->log_root_tree) {
975	if (root->fs_info->log_root_tree->node)	975	if (fs_info->log_root_tree->node)
976	free_extent_buffer(root->fs_info->log_root_tree->node);	976	free_extent_buffer(fs_info->log_root_tree->node);
977	free(root->fs_info->log_root_tree);	977	free(fs_info->log_root_tree);
978	}	978	}
979		979
980	close_all_devices(root->fs_info);	980	close_all_devices(fs_info);
981	extent_io_tree_cleanup(&fs_info->extent_cache);	981	extent_io_tree_cleanup(&fs_info->extent_cache);
982	extent_io_tree_cleanup(&fs_info->free_space_cache);	982	extent_io_tree_cleanup(&fs_info->free_space_cache);
983	extent_io_tree_cleanup(&fs_info->block_group_cache);	983	extent_io_tree_cleanup(&fs_info->block_group_cache);