libxfs: fix use after from in xfs_trans_roll

When porting the transaction alocation interface to userspace
(commit 9074815), I missed a change in xfs_trans_roll() that could
lead to a use after free. Coverity spotted it, so fix it.

Coverity-id: 1362812
Signed-off-by: Dave Chinner <david@fromorbit.com>

diff --git a/libxfs/trans.c b/libxfs/trans.c
index 521a049be80ead87ecaab7a0a7a95d9d80b19d47..a4d97829ebb0355222b8f1678189aee97609ba84 100644 (file)
--- a/libxfs/trans.c
+++ b/libxfs/trans.c
@@ -103,6 +103,7 @@ libxfs_trans_roll(
        struct xfs_trans        **tpp,
        struct xfs_inode        *dp)
 {
+       struct xfs_mount        *mp;
        struct xfs_trans        *trans;
        struct xfs_trans_res    tres;
        int                     error;
@@ -117,6 +118,7 @@ libxfs_trans_roll(
        /*
         * Copy the critical parameters from one trans to the next.
         */
+       mp = trans->t_mountp;
        tres.tr_logres = trans->t_log_res;
        tres.tr_logcount = trans->t_log_count;
 
@@ -141,7 +143,7 @@ libxfs_trans_roll(
         * the prior and the next transactions.
         */
        tres.tr_logflags = XFS_TRANS_PERM_LOG_RES;
-       error = libxfs_trans_alloc(trans->t_mountp, &tres, 0, 0, 0, tpp);
+       error = libxfs_trans_alloc(mp, &tres, 0, 0, 0, tpp);
        trans = *tpp;
        /*
         *  Ensure that the inode is in the new transaction and locked.