btrfs-progs: extent_io: Init eb->lru to avoid NULL pointer dereference

eb->lru is not initialized in __alloc_extent_buffer(), so in the
following call chain, it could cause a NULL pointer dereference:

btrfs_clone_extent_buffer()
|- __alloc_extent_buffer()
   |- Now eb->lru is NULL (not initialized)

free_extent_buffer_final()
|- list_del_init(&eb->lru)

Thankfully, current btrfs-progs won't trigger such a bug as the only
btrfs_clone_extent_buffer() user is paths_from_inode(), which is not
used by anyone.
(But due to the usefulness of that function in future offline scrub, I'd
like to keep this dead code.)

Anyway, initializing eb->lru in __alloc_extent_buffer() brings no harm.

Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: Lu Fengqi <lufq.fnst@cn.fujitsu.com>
Signed-off-by: David Sterba <dsterba@suse.com>
master
Qu Wenruo 2018-03-30 13:48:54 +08:00 committed by David Sterba
parent 98d5d325a8
commit 43dea2af14
1 changed files with 1 additions and 0 deletions

@ -564,6 +564,7 @@ static struct extent_buffer *__alloc_extent_buffer(struct extent_io_tree *tree,
eb->cache_node.start = bytenr;
eb->cache_node.size = blocksize;
INIT_LIST_HEAD(&eb->recow);
INIT_LIST_HEAD(&eb->lru);
return eb;
}
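
Review bot: The added INIT_LIST_HEAD(&eb->lru) has no test coverage, because the commit message states that the only path reaching it without a later initialization (btrfs_clone_extent_buffer() via paths_from_inode()) is unused. A one-line comment above the two INIT_LIST_HEAD() calls, saying that free_extent_buffer_final() runs list_del_init(&eb->lru) and therefore every list head in the buffer must be self-linked at allocation, would keep a later cleanup from dropping it as redundant. It is also worth checking whether the other callers of __alloc_extent_buffer() already set up eb->lru themselves, since that initialization could then be left to this function alone.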