From 0eeff2362b829b5e80f8b69f86b60b8094bc742d Mon Sep 17 00:00:00 2001
From: Liu Bo
Date: Thu, 11 Jun 2015 14:16:44 +0800
Subject: Btrfs: fix use-after-free in btrfs_replay_log

@log_root_tree should not be referenced after kfree.

Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.cz>
Reported-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Chris Mason <clm@fb.com>
---
 fs/btrfs/disk-io.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
index 695363ae1c28..b7fa3bac2cff 100644
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -2321,8 +2321,9 @@ static int btrfs_replay_log(struct btrfs_fs_info *fs_info,
 			fs_info->generation + 1);
 	if (IS_ERR(log_tree_root->node)) {
 		printk(KERN_ERR "BTRFS: failed to read log tree\n");
+		ret = PTR_ERR(log_tree_root->node);
 		kfree(log_tree_root);
-		return PTR_ERR(log_tree_root->node);
+		return ret;
 	} else if (!extent_buffer_uptodate(log_tree_root->node)) {
 		printk(KERN_ERR "BTRFS: failed to read log tree\n");
 		free_extent_buffer(log_tree_root->node);
-- 
cgit v1.2.3-55-g7522