diff options
| author | Kent Overstreet <kent.overstreet@linux.dev> | 2024-05-22 20:36:42 -0400 |
|---|---|---|
| committer | Kent Overstreet <kent.overstreet@linux.dev> | 2024-05-22 20:37:47 -0400 |
| commit | d93ff5fa40b9db5f505d508336bc171f54db862e (patch) | |
| tree | 42d8e00b8727ce105455860ac19d932b3c9e8545 | |
| parent | cd3b31f9d4174cccafd8da615d73f40c1ce48939 (diff) | |
bcachefs: Fix race path in bch2_inode_insert()bcachefs-2024-05-24
__destroy_new_inode() is appropriate when we have _just_allocated the
inode, but not when it's been fully initialized and on i_sb_list.
Reported-by: syzbot+a0ddc9873c280a4cb18f@syzkaller.appspotmail.com
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
| -rw-r--r-- | fs/bcachefs/fs.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/fs/bcachefs/fs.c b/fs/bcachefs/fs.c index 9b41c6e9deef..96040a95cf46 100644 --- a/fs/bcachefs/fs.c +++ b/fs/bcachefs/fs.c @@ -188,8 +188,7 @@ static struct bch_inode_info *bch2_inode_insert(struct bch_fs *c, struct bch_ino BUG_ON(!old); if (unlikely(old != inode)) { - __destroy_inode(&inode->v); - kmem_cache_free(bch2_inode_cache, inode); + discard_new_inode(&inode->v); inode = old; } else { mutex_lock(&c->vfs_inodes_lock); |