On 19.02.19 г. 4:56 ч., Dan Robertson wrote:
> The scrub_ctx csum_list member must be initialized before
> scrub_free_ctx is called. If the csum_list is not initialized
> beforehand, the list_empty call in scrub_free_csums will result
> in a null deref.
>
> Signed-off-by: Dan Robertson <dan@xxxxxxxxxxxxxxx>
Reviewed-by: Nikolay Borisov <nborisov@xxxxxxxx>
> ---
> fs/btrfs/scrub.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c
> index 6dcd36d7b849..1e08ad1fe2aa 100644
> --- a/fs/btrfs/scrub.c
> +++ b/fs/btrfs/scrub.c
> @@ -584,6 +584,7 @@ static noinline_for_stack struct scrub_ctx *scrub_setup_ctx(
> sctx->pages_per_rd_bio = SCRUB_PAGES_PER_RD_BIO;
> sctx->curr = -1;
> sctx->fs_info = fs_info;
> + INIT_LIST_HEAD(&sctx->csum_list);
> for (i = 0; i < SCRUB_BIOS_PER_SCTX; ++i) {
> struct scrub_bio *sbio;
>
> @@ -608,7 +609,6 @@ static noinline_for_stack struct scrub_ctx *scrub_setup_ctx(
> atomic_set(&sctx->workers_pending, 0);
> atomic_set(&sctx->cancel_req, 0);
> sctx->csum_size = btrfs_super_csum_size(fs_info->super_copy);
> - INIT_LIST_HEAD(&sctx->csum_list);
>
> spin_lock_init(&sctx->list_lock);
> spin_lock_init(&sctx->stat_lock);
>
