Skip to content

Commit 669e859

Browse files
Dan Carpenterkdave
Dan Carpenter
authored and
kdave
committed
btrfs: drop the lock on error in btrfs_dev_replace_cancel
We should drop the lock on this error path. This has been found by a static tool. The lock needs to be released, it's there to protect access to the dev_replace members and is not supposed to be left locked. The value of state that's being switched would need to be artifically changed to an invalid value so the default: branch is taken. Fixes: d189dd7 ("btrfs: fix use-after-free due to race between replace start and cancel") CC: stable@vger.kernel.org # 5.0+ Reviewed-by: Anand Jain <anand.jain@oracle.com> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com>
1 parent 349ae63 commit 669e859

File tree

1 file changed

+1
-0
lines changed

1 file changed

+1
-0
lines changed

fs/btrfs/dev-replace.c

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -862,6 +862,7 @@ int btrfs_dev_replace_cancel(struct btrfs_fs_info *fs_info)
862862
btrfs_destroy_dev_replace_tgtdev(tgt_device);
863863
break;
864864
default:
865+
up_write(&dev_replace->rwsem);
865866
result = -EINVAL;
866867
}
867868

0 commit comments

Comments
 (0)