forked from Mirrors/btrfs-progs
btrfs-progs: extent_io: Init eb->lru to avoid NULL pointer dereference
eb->lru is not initialized in __alloc_extent_buffer(), so in the following call chain, it could call NULL pointer dereference:

btrfs_clone_extent_buffer()
|- __alloc_extent_buffer()
|- Now eb->lru is NULL (not initialized)

free_extent_buffer_final()
|- list_del_init(&eb->lru)

Thankfully, current btrfs-progs won't trigger such a bug, as the only btrfs_clone_extent_buffer() user is paths_from_inode(), which is not used by anyone. (But due to the usefulness of that function in future offline scrub, I'd like to keep this dead code.)

Anyway, initializing eb->lru in __alloc_extent_buffer() brings no harm.

Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: Lu Fengqi <lufq.fnst@cn.fujitsu.com>
Signed-off-by: David Sterba <dsterba@suse.com>

master
parent
98d5d325a8
commit
43dea2af14
|
@ -564,6 +564,7 @@ static struct extent_buffer *__alloc_extent_buffer(struct extent_io_tree *tree,
|
|||
eb->cache_node.start = bytenr;
|
||||
eb->cache_node.size = blocksize;
|
||||
INIT_LIST_HEAD(&eb->recow);
|
||||
INIT_LIST_HEAD(&eb->lru);
|
||||
|
||||
return eb;
|
||||
}
|
||||
|
|
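Review bot: the new INIT_LIST_HEAD(&eb->lru) call next to INIT_LIST_HEAD(&eb->recow) is not covered by any running code path, since the commit message states that the only btrfs_clone_extent_buffer() caller, paths_from_inode(), is unused. Consider adding a small test that clones an extent buffer and then frees it, so the list_del_init(&eb->lru) in free_extent_buffer_final() is actually exercised. A one-line comment above the two INIT_LIST_HEAD() calls would also help, saying that every list head in the extent buffer has to be initialized in __alloc_extent_buffer() because the free path calls list_del_init() on eb->lru regardless of how the buffer was allocated.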