btrfs: free btrfs_path before copying inodes to userspace
authorAnand Jain <anand.jain@oracle.com>
Thu, 10 Nov 2022 06:06:28 +0000 (11:36 +0530)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 8 Dec 2022 10:23:53 +0000 (11:23 +0100)
commit7b020665d4824a3ed7c1296ee1ea40d913bce3a9
tree443a12a4c0da1803fdebd509b6a11dcd0d68034f
parentd5b7a34379faf42cf8ef63fb520f05e5d3d218d4
btrfs: free btrfs_path before copying inodes to userspace

[ Upstream commit 418ffb9e3cf6c4e2574d3a732b724916684bd133 ]

btrfs_ioctl_logical_to_ino() frees the search path after the userspace
copy from the temp buffer @inodes. Which potentially can lead to a lock
splat.

Fix this by freeing the path before we copy @inodes to userspace.

CC: stable@vger.kernel.org # 4.19+
Signed-off-by: Anand Jain <anand.jain@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
fs/btrfs/ioctl.c