korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-15 08:14:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

bcachefs: Fix a use after free in dio write path

Browse Source 
Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com>
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
This commit is contained in:
Kent Overstreet 2020-03-16 14:49:52 -04:00 committed by Kent Overstreet
parent 511ed5bf76
commit 286d8ad040
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
fs/bcachefs/fs-io.c
View File

@ -1787,7 +1787,7 @@ static long bch2_dio_write_loop(struct dio_write *dio)
struct bio_vec *bv;
unsigned unaligned;
u64 new_i_size;
bool sync;
bool sync = dio->sync;
long ret;
if (dio->loop)
@ -1830,7 +1830,7 @@ static long bch2_dio_write_loop(struct dio_write *dio)
if (!dio->sync && !dio->loop && dio->iter.count) {
if (bch2_dio_write_copy_iov(dio)) {
dio->sync = true;
dio->sync = sync = true;
goto do_io;
}
}
@ -1838,7 +1838,7 @@ do_io:
dio->loop = true;
closure_call(&dio->op.cl, bch2_write, NULL, NULL);
if (dio->sync)
if (sync)
wait_for_completion(&dio->done);
else
return -EIOCBQUEUED;
@ -1872,7 +1872,6 @@ err:
if (dio->free_iov)
kfree(dio->iter.__iov);
sync = dio->sync;
bio_put(bio);
/* inode->i_dio_count is our ref on inode and thus bch_fs */