xfs: fix uninitialized list head in struct xfs_refcount_recovery

Source kernel commit: c1ccf967bf962b998f0c096e06a658ece27d10a0

We're supposed to initialize the list head of an object before adding it
to another list.  Fix that, and stop using the kmem_{alloc,free} calls
from the Irix days.

Fixes: 174edb0e46e5 ("xfs: store in-progress CoW allocations in the refcount btree")
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Carlos Maiolino <cem@kernel.org>

diff --git a/include/kmem.h b/include/kmem.h
index 20e4bfe3c0a855da674a1d14cd6b6f0e01ef1950..8ae919c706619dbaf710efe2d3a28ef7d9a39d77 100644 (file)
--- a/include/kmem.h
+++ b/include/kmem.h
@@ -60,4 +60,14 @@ kmem_free(const void *ptr) {
 
 extern void    *krealloc(void *, size_t, int);
 
+static inline void *kmalloc(size_t size, gfp_t flags)
+{
+       return kvmalloc(size, flags);
+}
+
+static inline void kfree(const void *ptr)
+{
+       return kmem_free(ptr);
+}
+
 #endif

diff --git a/libxfs/xfs_refcount.c b/libxfs/xfs_refcount.c
index 52983aeef11b2e16f6339825a8b5fcc86bd82264..0a934aecc6cbea23807f1ec488a5823495115547 100644 (file)
--- a/libxfs/xfs_refcount.c
+++ b/libxfs/xfs_refcount.c
@@ -1766,12 +1766,14 @@ xfs_refcount_recover_extent(
                           be32_to_cpu(rec->refc.rc_refcount) != 1))
                return -EFSCORRUPTED;
 
-       rr = kmem_alloc(sizeof(struct xfs_refcount_recovery), 0);
+       rr = kmalloc(sizeof(struct xfs_refcount_recovery),
+                       GFP_KERNEL | __GFP_NOFAIL);
+       INIT_LIST_HEAD(&rr->rr_list);
        xfs_refcount_btrec_to_irec(rec, &rr->rr_rrec);
 
        if (XFS_IS_CORRUPT(cur->bc_mp,
                           rr->rr_rrec.rc_domain != XFS_REFC_DOMAIN_COW)) {
-               kmem_free(rr);
+               kfree(rr);
                return -EFSCORRUPTED;
        }
 
@@ -1858,7 +1860,7 @@ xfs_refcount_recover_cow_leftovers(
                        goto out_free;
 
                list_del(&rr->rr_list);
-               kmem_free(rr);
+               kfree(rr);
        }
 
        return error;
@@ -1868,7 +1870,7 @@ out_free:
        /* Free the leftover list */
        list_for_each_entry_safe(rr, n, &debris, rr_list) {
                list_del(&rr->rr_list);
-               kmem_free(rr);
+               kfree(rr);
        }
        return error;
 }