[PATCH next] btrfs: selftests: prevent error pointer dereference in merge_tests()
From: Dan Carpenter
Date: Fri Dec 06 2024 - 07:26:58 EST
Passing an error pointer to btrfs_unselect_ref_head() will cause an
Oops so change the error checking from a NULL check to a
!IS_ERR_OR_NULL(head) check.
The error pointer comes from btrfs_select_ref_head(). If we
successfully select the head, then we have to unselect it. The select
function is called six times and five of them change the error pointers
to NULL, but one call was accidentally missed.
Fixes: fa3dda44871b ("btrfs: selftests: add delayed ref self test cases")
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
---
fs/btrfs/tests/delayed-refs-tests.c | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/fs/btrfs/tests/delayed-refs-tests.c b/fs/btrfs/tests/delayed-refs-tests.c
index 9b469791c20a..f9b5c4f07a6a 100644
--- a/fs/btrfs/tests/delayed-refs-tests.c
+++ b/fs/btrfs/tests/delayed-refs-tests.c
@@ -406,7 +406,6 @@ static int merge_tests(struct btrfs_trans_handle *trans,
PTR_ERR(head));
else
test_err("failed to find delayed ref head");
- head = NULL;
goto out;
}
@@ -457,7 +456,6 @@ static int merge_tests(struct btrfs_trans_handle *trans,
PTR_ERR(head));
else
test_err("failed to find delayed ref head");
- head = NULL;
goto out;
}
@@ -590,7 +588,6 @@ static int merge_tests(struct btrfs_trans_handle *trans,
PTR_ERR(head));
else
test_err("failed to find delayed ref head");
- head = NULL;
ret = -EINVAL;
goto out;
}
@@ -662,7 +659,6 @@ static int merge_tests(struct btrfs_trans_handle *trans,
else
test_err("failed to find delayed ref head");
ret = -EINVAL;
- head = NULL;
goto out;
}
@@ -747,7 +743,6 @@ static int merge_tests(struct btrfs_trans_handle *trans,
PTR_ERR(head));
else
test_err("failed to find delayed ref head");
- head = NULL;
ret = -EINVAL;
goto out;
}
@@ -769,7 +764,7 @@ static int merge_tests(struct btrfs_trans_handle *trans,
}
ret = 0;
out:
- if (head)
+ if (!IS_ERR_OR_NULL(head))
btrfs_unselect_ref_head(&trans->transaction->delayed_refs, head);
btrfs_destroy_delayed_refs(trans->transaction);
return ret;
--
2.45.2