@@ -2436,7 +2436,10 @@ int btrfs_remove_free_space(struct btrfs_block_group *block_group,
info->offset += to_free;
if (info->bytes) {
ret = link_free_space(ctl, info);
- WARN_ON(ret);
+ if (ret) {
+ kmem_cache_free(btrfs_free_space_cachep, info);
+ goto out_lock;
+ }
} else {
kmem_cache_free(btrfs_free_space_cachep, info);
}
@@ -2449,7 +2452,6 @@ int btrfs_remove_free_space(struct btrfs_block_group *block_group,
info->bytes = offset - info->offset;
ret = link_free_space(ctl, info);
- WARN_ON(ret);
if (ret)
goto out_lock;
The return value of link_free_space is checked out-sync. One branch of an if statement uses an extra check after WARN_ON() but its peer branch does not. WARN_ON() does not change the control flow, thus only using this check might be insufficient. Fix this by simply adding a check on ret. The repeated kmem_cache_free branches have not been merged because this will influence the original control flow. If the control flow does not step into the if (ret) branch, then we actually need not to free memory again. Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn> -- Changes in v3: - Remove WARN_ON after link_free_space --- fs/btrfs/free-space-cache.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)