korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-15 00:04:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

bcachefs: Fix a use after free

Browse Source 
In move_read_endio, we were checking if the next pending write has its
read completed - but this can turn after a use after free (and we were
accessing the list without a lock), so instead just better to just
unconditionally do the wakeup.

Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com>
This commit is contained in:
Kent Overstreet 2022-02-21 13:22:11 -05:00 committed by Kent Overstreet
parent 12bf93a429
commit f61816d0fc
1 changed files with 1 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
fs/bcachefs/move.c
View File

@ -480,9 +480,7 @@ static void move_read_endio(struct bio *bio)
atomic_sub(io->read_sectors, &ctxt->read_sectors);
io->read_completed = true;
if (next_pending_write(ctxt))
wake_up(&ctxt->wait);
wake_up(&ctxt->wait);
closure_put(&ctxt->cl);
}