bcachefs: Fix a use after free

In move_read_endio, we were checking if the next pending write has its read completed - but this can turn after a use after free (and we were accessing the list without a lock), so instead just better to just unconditionally do the wakeup. Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com>
author: Kent Overstreet <kent.overstreet@gmail.com> 2022-02-21 13:22:11 -0500
committer: Kent Overstreet <kent.overstreet@gmail.com> 2022-04-17 15:44:22 -0400
commit: 0663c1bb0fc2217b61c7d1323411bf4cbbd225ac (patch)
tree: 87a31a785949d8612fd2e6f64b78332b76a639c2
parent: 5594b3cc3260ecfe48e6c1de2719e71c47bee217 (diff)
1 files changed, 1 insertions, 3 deletions
diff --git a/fs/bcachefs/move.c b/fs/bcachefs/move.c
index 7ca7ce394135..16bca1446a2b 100644
--- a/fs/bcachefs/move.c
+++ b/fs/bcachefs/move.c
@@ -481,9 +481,7 @@ static void move_read_endio(struct bio *bio)
 	atomic_sub(io->read_sectors, &ctxt->read_sectors);
 	io->read_completed = true;
 
-	if (next_pending_write(ctxt))
-		wake_up(&ctxt->wait);
-
+	wake_up(&ctxt->wait);
 	closure_put(&ctxt->cl);
 }
author	Kent Overstreet <kent.overstreet@gmail.com>	2022-02-21 13:22:11 -0500
committer	Kent Overstreet <kent.overstreet@gmail.com>	2022-04-17 15:44:22 -0400
commit	0663c1bb0fc2217b61c7d1323411bf4cbbd225ac (patch)
tree	87a31a785949d8612fd2e6f64b78332b76a639c2
parent	5594b3cc3260ecfe48e6c1de2719e71c47bee217 (diff)