diff options
| author | Kent Overstreet <kent.overstreet@gmail.com> | 2020-03-16 14:49:52 -0400 |
|---|---|---|
| committer | Kent Overstreet <kent.overstreet@gmail.com> | 2020-03-16 14:50:03 -0400 |
| commit | 6b3c73b3dc2a4ce5cc372a21f55767cd0d8c6c07 (patch) | |
| tree | 83db5fd4fa6112f60b40c6a2b2328c6bcfab81aa | |
| parent | e2cdce02489e0d79541a943915dc997ab1e4fe5d (diff) | |
bcachefs: Fix a use after free in dio write path
Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com>
| -rw-r--r-- | fs/bcachefs/fs-io.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/fs/bcachefs/fs-io.c b/fs/bcachefs/fs-io.c index 92fa72cb3216..ec46be3b646b 100644 --- a/fs/bcachefs/fs-io.c +++ b/fs/bcachefs/fs-io.c @@ -1807,7 +1807,7 @@ static long bch2_dio_write_loop(struct dio_write *dio) struct bio_vec *bv; unsigned unaligned; u64 new_i_size; - bool sync; + bool sync = dio->sync; long ret; if (dio->loop) @@ -1855,7 +1855,7 @@ static long bch2_dio_write_loop(struct dio_write *dio) iov = kmalloc(dio->iter.nr_segs * sizeof(*iov), GFP_KERNEL); if (unlikely(!iov)) { - dio->sync = true; + dio->sync = sync = true; goto do_io; } @@ -1869,7 +1869,7 @@ do_io: dio->loop = true; closure_call(&dio->op.cl, bch2_write, NULL, NULL); - if (dio->sync) + if (sync) wait_for_completion(&dio->done); else return -EIOCBQUEUED; @@ -1903,7 +1903,6 @@ err: if (dio->free_iov) kfree(dio->iter.iov); - sync = dio->sync; bio_put(bio); /* inode->i_dio_count is our ref on inode and thus bch_fs */ |