The original code dealt with 'ref' in the following steps:

    |->list_del(&ref->list)
    |->some operations
    |->kfree(ref)

If the operations failed, it would goto label 'out' without freeing this 'ref', and then a memory leak would happen. Just moving list_del() after kfree() will fix the problem.

Signed-off-by: Wang Shilong <wangsl.f...@cn.fujitsu.com>
Reviewed-by: Miao Xie <mi...@cn.fujitsu.com>
---
V1->V2: add explanations to changelog
---
 fs/btrfs/backref.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c index 68048d6..7b55c95 100644 --- a/fs/btrfs/backref.c +++ b/fs/btrfs/backref.c @@ -911,7 +911,6 @@ again: while (!list_empty(&prefs)) { ref = list_first_entry(&prefs, struct __prelim_ref, list); - list_del(&ref->list); WARN_ON(ref->count < 0); if (ref->count && ref->root_id && ref->parent == 0) { /* no parent == root of tree */ @@ -956,6 +955,7 @@ again: eie->next = ref->inode_list; } } + list_del(&ref->list); kfree(ref); } -- 1.8.0.1
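Review bot: In the first hunk (@@ -911,7 +911,6 @@), dropping list_del(&ref->list) from the top of the loop means 'ref' stays linked on 'prefs' for the whole loop body, so two things not visible in this patch need confirming. First, the fix only closes the leak if the code at label 'out' walks 'prefs' and frees every entry still on it; the changelog should say so explicitly, since neither hunk shows that cleanup. Second, the loop is `while (!list_empty(&prefs))` with `list_first_entry(&prefs, ...)`, so any `continue` in the body between the two hunks would now pick up the same entry again and never terminate; please check that every path through the body either reaches the new list_del() or leaves the loop.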
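Review bot: In the second hunk (@@ -956,6 +955,7 @@), the code and the changelog disagree on ordering: the changelog says to move list_del() "after kfree()", but the hunk places `list_del(&ref->list);` immediately before `kfree(ref);`. The hunk's order is the correct one, because unlinking after the free would touch freed memory. Suggest rewording the changelog to "move list_del() to just before kfree()" so the description matches the change and nobody later reorders the two calls to match the text.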