Btrfs: kernel operation should come after user input has been verified
authorAnand Jain <anand.jain@oracle.com>
Fri, 14 Aug 2015 10:33:02 +0000 (18:33 +0800)
committerDavid Sterba <dsterba@suse.com>
Thu, 1 Oct 2015 15:45:10 +0000 (17:45 +0200)
As a general rule of thumb, there shouldn't be any way for user land
to trigger a kernel operation just by sending wrong arguments.

Here do commit cleanups after user input has been verified.

Signed-off-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: David Sterba <dsterba@suse.com>
fs/btrfs/dev-replace.c

index 7aed8a8..02031fc 100644 (file)
@@ -327,19 +327,6 @@ int btrfs_dev_replace_start(struct btrfs_root *root,
            args->start.tgtdev_name[0] == '\0')
                return -EINVAL;
 
-       /*
-        * Here we commit the transaction to make sure commit_total_bytes
-        * of all the devices are updated.
-        */
-       trans = btrfs_attach_transaction(root);
-       if (!IS_ERR(trans)) {
-               ret = btrfs_commit_transaction(trans, root);
-               if (ret)
-                       return ret;
-       } else if (PTR_ERR(trans) != -ENOENT) {
-               return PTR_ERR(trans);
-       }
-
        /* the disk copy procedure reuses the scrub code */
        mutex_lock(&fs_info->volume_mutex);
        ret = btrfs_dev_replace_find_srcdev(root, args->start.srcdevid,
@@ -356,6 +343,19 @@ int btrfs_dev_replace_start(struct btrfs_root *root,
        if (ret)
                return ret;
 
+       /*
+        * Here we commit the transaction to make sure commit_total_bytes
+        * of all the devices are updated.
+        */
+       trans = btrfs_attach_transaction(root);
+       if (!IS_ERR(trans)) {
+               ret = btrfs_commit_transaction(trans, root);
+               if (ret)
+                       return ret;
+       } else if (PTR_ERR(trans) != -ENOENT) {
+               return PTR_ERR(trans);
+       }
+
        btrfs_dev_replace_lock(dev_replace);
        switch (dev_replace->replace_state) {
        case BTRFS_IOCTL_DEV_REPLACE_STATE_NEVER_STARTED:
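Review bot: The two new early exits, `return ret;` after btrfs_commit_transaction() and `return PTR_ERR(trans);` in the else branch, now run after the setup that precedes this hunk has succeeded (the `if (ret) return ret;` directly above is the last check of that setup), whereas before the move a commit failure could only happen before any device-replace state had been prepared. If that preceding call has already allocated or registered the target device (it is outside the hunk, so this is inferred from the call order), a failed attach/commit now leaves it in place with no teardown. Assuming the function's existing cleanup label past the end of the hunk releases that state, these two returns should set `ret` and jump to it rather than return directly; otherwise the teardown needs to be added here. btrfs_dev_replace_start() begins and ends outside this hunk, so the exact cleanup path cannot be confirmed from the diff.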