From: Filipe Manana <fdmanana@suse.com>
Date: Wed, 13 Mar 2024 11:37:31 +0000 (+0000)
Subject: btrfs: fix extent map leak in unexpected scenario at unpin_extent_cache()
X-Git-Tag: v6.8.3~52
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=487e6e62cce8c6fc5b03e3dfb24e686103cff0e8;p=thirdparty%2Fkernel%2Fstable.git

btrfs: fix extent map leak in unexpected scenario at unpin_extent_cache()

[ Upstream commit 8a565ec04d6c43f330e7401e5af3458431b29bc6 ]

At unpin_extent_cache() if we happen to find an extent map with an
unexpected start offset, we jump to the 'out' label and never release the
reference we added to the extent map through the call to
lookup_extent_mapping(), therefore resulting in a leak. So fix this by
moving the free_extent_map() under the 'out' label.

Fixes: c03c89f821e5 ("btrfs: handle errors returned from unpin_extent_cache()")
Reviewed-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/fs/btrfs/extent_map.c b/fs/btrfs/extent_map.c
index c02039db5d247..76378382dd8c4 100644
--- a/fs/btrfs/extent_map.c
+++ b/fs/btrfs/extent_map.c
@@ -342,9 +342,9 @@ int unpin_extent_cache(struct btrfs_inode *inode, u64 start, u64 len, u64 gen)
 		em->mod_len = em->len;
 	}
 
-	free_extent_map(em);
 out:
 	write_unlock(&tree->lock);
+	free_extent_map(em);
 	return ret;
 
 }