bcachefs: Fix a use after free

Turns out, we weren't waiting on in flight btree writes when freeing existing btree nodes. This lead to stray btree writes overwriting newly allocated buckets, but only started showing itself with some of the recent allocator work and another patch to move submitting of btree writes to worqueues. Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com>
author: Kent Overstreet <kent.overstreet@gmail.com> 2021-04-19 17:17:34 -0400
committer: Kent Overstreet <kent.overstreet@gmail.com> 2021-04-19 17:31:58 -0400
commit: 9c35e414c36205d811b4cf41aea7f2ea1b761616 (patch)
tree: 1d3ba97736a01e89eaa0ad57a1ab7bf8d4621308
parent: fe72e70682cd2430a099c08c3135253675030d28 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/fs/bcachefs/btree_update_interior.c b/fs/bcachefs/btree_update_interior.c
index 07c925345675..6b8d3d0f3d2d 100644
--- a/fs/bcachefs/btree_update_interior.c
+++ b/fs/bcachefs/btree_update_interior.c
@@ -887,6 +887,14 @@ void bch2_btree_interior_update_will_free_node(struct btree_update *as,
 	btree_update_drop_new_node(c, b);
 
 	btree_update_will_delete_key(as, &b->key);
+
+	/*
+	 * XXX: Waiting on io with btree node locks held, we don't want to be
+	 * doing this. We can't have btree writes happening after the space has
+	 * been freed, but we really only need to block before
+	 * btree_update_nodes_written_trans() happens.
+	 */
+	btree_node_wait_on_io(b);
 }
 
 void bch2_btree_update_done(struct btree_update *as)
author	Kent Overstreet <kent.overstreet@gmail.com>	2021-04-19 17:17:34 -0400
committer	Kent Overstreet <kent.overstreet@gmail.com>	2021-04-19 17:31:58 -0400
commit	9c35e414c36205d811b4cf41aea7f2ea1b761616 (patch)
tree	1d3ba97736a01e89eaa0ad57a1ab7bf8d4621308
parent	fe72e70682cd2430a099c08c3135253675030d28 (diff)