author Qu Wenruo <wqu@suse.com> 2018-03-30 13:48:54 +0800
committer David Sterba <dsterba@suse.com> 2018-04-24 13:00:11 +0200
commit 43dea2af140fe21111e7ce8491cad2724d73b2d4 (patch)
tree eefd5f919244cb5b9632cc7e52bfca6a2aeced38
parent 98d5d325a887b6c061096c141eef10755762bbcf (diff)
btrfs-progs: extent_io: Init eb->lru to avoid NULL pointer dereference

eb->lru is not initialized in __alloc_extent_buffer(), so in the
following call chain, it could call NULL pointer dereference:

  btrfs_clone_extent_buffer()
  |- __alloc_extent_buffer()
     |- Now eb->lru is NULL (not initialized)

  free_extent_buffer_final()
  |- list_del_init(&eb->lru)

Thankfully, current btrfs-progs won't trigger such a bug as the only
btrfs_clone_extent_buffer() user is paths_from_inode(), which is not
used by anyone.
(But due to the usefulness of that function in future offline scrub,
I'd like to keep this dead code.)

Anyway, initializing eb->lru in __alloc_extent_buffer() brings no harm.

Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: Lu Fengqi <lufq.fnst@cn.fujitsu.com>
Signed-off-by: David Sterba <dsterba@suse.com>

-rw-r--r-- extent_io.c 1
1 files changed, 1 insertions, 0 deletions
diff --git a/extent_io.c b/extent_io.c
index 986ad5c0..31177823 100644
--- a/extent_io.c
+++ b/extent_io.c
@@ -564,6 +564,7 @@ static struct extent_buffer *__alloc_extent_buffer(struct extent_io_tree *tree,
eb->cache_node.start = bytenr;
eb->cache_node.size = blocksize;
INIT_LIST_HEAD(&eb->recow);
+ INIT_LIST_HEAD(&eb->lru);
return eb;
}
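
Review bot: the added INIT_LIST_HEAD(&eb->lru) carries no comment explaining why a buffer that may never be placed on an LRU list still needs a valid list head. Per the commit message, free_extent_buffer_final() calls list_del_init(&eb->lru) on every buffer, so a one-line comment above the two INIT_LIST_HEAD() calls stating that all list heads must be initialized here because the free path unlinks them unconditionally would help. The commit message also says the only path that reaches this, btrfs_clone_extent_buffer() via paths_from_inode(), has no callers, so nothing exercises the fix. A small test that clones an extent buffer and then frees it would guard against regression once the function is put to use.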