From: Filipe Manana <fdmanana@suse.com>
Date: Mon, 3 Jul 2023 17:15:30 +0000 (+0100)
Subject: btrfs: fix double iput() on inode after an error during orphan cleanup
X-Git-Tag: v6.6.7~2168^2~24
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=b777d279ff31979add57e8a3f810bceb7ef0cfb7;p=platform%2Fkernel%2Flinux-starfive.git

btrfs: fix double iput() on inode after an error during orphan cleanup

At btrfs_orphan_cleanup(), if we were able to find the inode, we do an
iput() on the inode, then if btrfs_drop_verity_items() succeeds and then
either btrfs_start_transaction() or btrfs_del_orphan_item() fail, we do
another iput() in the respective error paths, resulting in an extra iput()
on the inode.

Fix this by setting inode to NULL after the first iput(), as iput()
ignores a NULL inode pointer argument.

Fixes: a13bb2c03848 ("btrfs: add missing iputs on orphan cleanup failure")
CC: stable@vger.kernel.org # 6.4
Reviewed-by: Boris Burkov <boris@bur.io>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
---

diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index dbbb672..d919318 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -3728,6 +3728,7 @@ int btrfs_orphan_cleanup(struct btrfs_root *root)
 			if (!ret) {
 				ret = btrfs_drop_verity_items(BTRFS_I(inode));
 				iput(inode);
+				inode = NULL;
 				if (ret)
 					goto out;
 			}