Function btrfs_uuid_tree_iterate() is defined in file fs/btrfs/uuid-tree.c. When the call to btrfs_alloc_path() fails, it assigns "-ENOMEM" to variable ret and jumps to label "out". However, 0 rather than ret is returned at the end. As a result, the callers will not be able to detect errors during the execution of btrfs_uuid_tree_iterate(). Maybe it is better to use "return ret;" instead of "return 0;" at line 356.

Code related to this bug is summarised as follows.

btrfs_uuid_tree_iterate @@ fs/btrfs/uuid-tree.c

260 int btrfs_uuid_tree_iterate(struct btrfs_fs_info *fs_info,
261                 int (*check_func)(struct btrfs_fs_info *, u8 *, u8,
262                           u64))
263 {
264     struct btrfs_root *root = fs_info->uuid_root;
265     struct btrfs_key key;
266     struct btrfs_path *path;
267     int ret = 0;
268     struct extent_buffer *leaf;
269     int slot;
270     u32 item_size;
271     unsigned long offset;
272
273     path = btrfs_alloc_path();
274     if (!path) {
275         ret = -ENOMEM;
276         goto out;
277     }
    ...
352 out:
353     btrfs_free_path(path);
354     if (ret)
355         btrfs_warn(fs_info, "btrfs_uuid_tree_iterate failed %d", ret);
356     return 0;    // return ret?
357 }

Thanks very much!
Patch has been added to for-next branch, merge target 4.11. https://patchwork.kernel.org/patch/9459887/
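
A reduced user-space model of the control flow in the report above, added here as an illustration and not code from the kernel tree or from the patch. `struct path`, `alloc_path()`, `fail_alloc` and both `iterate_*` functions are constructed stand-ins; with a forced allocation failure the reported shape logs the error yet returns 0, while returning `ret` lets the caller see `-ENOMEM`.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins for the kernel type and allocator (assumptions). */
struct path { int unused; };
static int fail_alloc;	/* set to 1 to simulate allocation failure */
static struct path *alloc_path(void)
{
	return fail_alloc ? NULL : calloc(1, sizeof(struct path));
}

/* Shape of the reported code: ret is set and logged, then discarded. */
static int iterate_reported(void)
{
	struct path *path = alloc_path();
	int ret = 0;
	if (!path) {
		ret = -ENOMEM;
		goto out;
	}
	/* ... tree walk elided, as in the report ... */
out:
	free(path);	/* free(NULL) is a no-op */
	if (ret)
		fprintf(stderr, "iterate failed %d\n", ret);
	return 0;	/* caller always sees success */
}

/* Same flow with the change the report suggests: propagate ret. */
static int iterate_suggested(void)
{
	struct path *path = alloc_path();
	int ret = 0;
	if (!path) {
		ret = -ENOMEM;
		goto out;
	}
out:
	free(path);
	return ret;	/* caller can now detect the failure */
}

int main(void)
{
	fail_alloc = 1;	/* force the -ENOMEM path */
	printf("reported: %d, suggested: %d\n", iterate_reported(), iterate_suggested());
	return 0;
}
```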