From patchwork Sun Apr 20 13:17:53 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Rakesh Pandit <rakesh@tuxera.com>
X-Patchwork-Id: 4021521
X-Patchwork-Delegate: dave@jikos.cz
Return-Path: <linux-btrfs-owner@kernel.org>
X-Original-To: patchwork-linux-btrfs@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.19.201])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id 1FE7DBFF02
	for <patchwork-linux-btrfs@patchwork.kernel.org>;
	Sun, 20 Apr 2014 13:18:04 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 15A9020222
	for <patchwork-linux-btrfs@patchwork.kernel.org>;
	Sun, 20 Apr 2014 13:18:03 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 3D4BD2021A
	for <patchwork-linux-btrfs@patchwork.kernel.org>;
	Sun, 20 Apr 2014 13:18:01 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1755438AbaDTNR6 (ORCPT
	<rfc822;patchwork-linux-btrfs@patchwork.kernel.org>);
	Sun, 20 Apr 2014 09:17:58 -0400
Received: from nbl-ex10-fe02.nebula.fi ([188.117.32.122]:26829 "EHLO
	ex10.nebula.fi" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org
	with ESMTP id S1755321AbaDTNR4 (ORCPT
	<rfc822;linux-btrfs@vger.kernel.org>);
	Sun, 20 Apr 2014 09:17:56 -0400
Received: from hercules.tuxera.com (88.195.159.123) by ex10.nebula.fi
	(188.117.32.115) with Microsoft SMTP Server (TLS) id 14.3.174.1;
	Sun, 20 Apr 2014 16:17:54 +0300
Date: Sun, 20 Apr 2014 16:17:53 +0300
From: Rakesh Pandit <rakesh@tuxera.com>
To: <linux-btrfs@vger.kernel.org>
Subject: [PATCH] Btrfs-progs: fsck: fix double free memory crash
Message-ID: <20140420131751.GA5921@hercules.tuxera.com>
MIME-Version: 1.0
Content-Disposition: inline
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Originating-IP: [88.195.159.123]
Sender: linux-btrfs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-btrfs.vger.kernel.org>
X-Mailing-List: linux-btrfs@vger.kernel.org
X-Spam-Status: No, score=-7.5 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI,
	RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Fix double free of memory if btrfs_open_devices fails:
*** Error in `btrfs': double free or corruption (fasttop): 0x000000000066e020 ***

Crash happened because when open failed on device inside
btrfs_open_devices it freed all memory by calling btrfs_close_devices but
inside disk-io.c we call btrfs_close_again it again.

Signed-off-by: Rakesh Pandit <rakesh@tuxera.com>
---
 disk-io.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/disk-io.c b/disk-io.c
index 19b95a7..8db0335 100644
--- a/disk-io.c
+++ b/disk-io.c
@@ -1091,8 +1091,7 @@ static struct btrfs_fs_info *__open_ctree_fd(int fp, const char *path,
 
 	ret = btrfs_open_devices(fs_devices, oflags);
 	if (ret)
-		goto out_devices;
-
+		goto out;
 
 	disk_super = fs_info->super_copy;
 	if (!(flags & OPEN_CTREE_RECOVER_SUPER))