btrfs: free btrfs_path before copying fspath to userspace

btrfs_ioctl_ino_to_path() frees the search path after the userspace copy from the temp buffer @ipath->fspath. Which potentially can lead to a lock splat warning. Fix this by freeing the path before we copy it to userspace. CC: [email protected] # 4.19+ Signed-off-by: Anand Jain <[email protected]> Reviewed-by: David Sterba <[email protected]> Signed-off-by: David Sterba <[email protected]>
rountree · Nov 15, 2022 · 8cf96b4 · 8cf96b4
1 parent 418ffb9
commit 8cf96b4
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
@@ -4232,6 +4232,8 @@ static long btrfs_ioctl_ino_to_path(struct btrfs_root *root, void __user *arg)
 		ipath->fspath->val[i] = rel_ptr;
 	}
 
+	btrfs_free_path(path);
+	path = NULL;
 	ret = copy_to_user((void __user *)(unsigned long)ipa->fspath,
 			   ipath->fspath, size);
 	if (ret) {