[3.8.y.z extended stable] Patch "Btrfs: fix double free in find_lock_delalloc_range" has been added to staging queue

[Kamal Mostafa]

This is a note to let you know that I have just added a patch titled

    Btrfs: fix double free in find_lock_delalloc_range

to the linux-3.8.y-queue branch of the 3.8.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.8.y-queue

This patch is scheduled to be released in version 3.8.13.27.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.8.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Kamal

------

>From 113b135ebf23a62235aa8985ed9a4cb3b01d2bf2 Mon Sep 17 00:00:00 2001
From: Chris Mason <clm at fb.com>
Date: Wed, 21 May 2014 05:49:54 -0700
Subject: Btrfs: fix double free in find_lock_delalloc_range

commit 7d78874273463a784759916fc3e0b4e2eb141c70 upstream.

We need to NULL the cached_state after freeing it, otherwise
we might free it again if find_delalloc_range doesn't find anything.

Signed-off-by: Chris Mason <clm at fb.com>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
 fs/btrfs/extent_io.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index 125397e..0a800dc 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -1595,6 +1595,7 @@ again:
 		 * shortening the size of the delalloc range we're searching
 		 */
 		free_extent_state(cached_state);
+		cached_state = NULL;
 		if (!loops) {
 			unsigned long offset = (*start) & (PAGE_CACHE_SIZE - 1);
 			max_bytes = PAGE_CACHE_SIZE - offset;
--
1.9.1