From: Darrick J. Wong <darrick.wong@oracle.com>
Date: Wed, 1 Aug 2018 22:06:44 +0000 (-0500)
Subject: xfs_scrub: destroy workqueues when erroring out
X-Git-Tag: v4.18.0-rc1~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=224df90245a9f407be2eea4935ecd79989338bb9;p=thirdparty%2Fxfsprogs-dev.git

xfs_scrub: destroy workqueues when erroring out

Fix a couple of code paths that forgot to tear down a workqueue when
erroring out, because if we don't the wq threads keep running even after
we've freed the wq memory.

Found by fuzzing core.nlinkv2=0 in xfs/377, but only because the fs will
shut down when it hits an error destroying the incore (corrupt) inode
after the scrub.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
---

diff --git a/scrub/phase2.c b/scrub/phase2.c
index 025758376..faa01bf99 100644
--- a/scrub/phase2.c
+++ b/scrub/phase2.c
@@ -88,7 +88,7 @@ xfs_scan_metadata(
 	 */
 	moveon = xfs_scrub_primary_super(ctx);
 	if (!moveon)
-		return moveon;
+		goto out;
 
 	for (agno = 0; moveon && agno < ctx->geo.agcount; agno++) {
 		ret = workqueue_add(&wq, xfs_scan_ag_metadata, agno, &moveon);
diff --git a/scrub/vfs.c b/scrub/vfs.c
index a33ec8b4a..8bcc4e79d 100644
--- a/scrub/vfs.c
+++ b/scrub/vfs.c
@@ -196,7 +196,7 @@ scan_fs_tree(
 	if (ret) {
 		str_info(ctx, ctx->mntpoint,
 _("Could not queue directory scan work."));
-		goto out_free;
+		goto out_wq;
 	}
 
 	pthread_mutex_lock(&sft.lock);
@@ -206,6 +206,8 @@ _("Could not queue directory scan work."));
 	workqueue_destroy(&wq);
 
 	return sft.moveon;
+out_wq:
+	workqueue_destroy(&wq);
 out_free:
 	free(sftd->path);
 	free(sftd);