bcachefs: Fix a use after free

In move_read_endio, we were checking if the next pending write has its read completed - but this can turn after a use after free (and we were accessing the list without a lock), so instead just better to just unconditionally do the wakeup. Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com>
author: Kent Overstreet <kent.overstreet@gmail.com> 2022-02-21 13:22:11 -0500
committer: Kent Overstreet <kent.overstreet@linux.dev> 2023-10-22 17:09:24 -0400
commit: f61816d0fc6091e14b3f4ffce962dc5084a1b6cd (patch)
tree: e544827d27d3e8adba7d490c98d5cbdc240dc0f4 /fs/bcachefs/move.c
parent: 12bf93a429c981cf337ce2c27504ec0171157f76 (diff)
download: linux-stable-f61816d0fc6091e14b3f4ffce962dc5084a1b6cd.tar.gz
linux-stable-f61816d0fc6091e14b3f4ffce962dc5084a1b6cd.tar.bz2
linux-stable-f61816d0fc6091e14b3f4ffce962dc5084a1b6cd.zip
1 files changed, 1 insertions, 3 deletions
diff --git a/fs/bcachefs/move.c b/fs/bcachefs/move.c
index 4751d79219cb..2eb192da8e1d 100644
--- a/fs/bcachefs/move.c
+++ b/fs/bcachefs/move.c
@@ -480,9 +480,7 @@ static void move_read_endio(struct bio *bio)
 	atomic_sub(io->read_sectors, &ctxt->read_sectors);
 	io->read_completed = true;
 
-	if (next_pending_write(ctxt))
-		wake_up(&ctxt->wait);
-
+	wake_up(&ctxt->wait);
 	closure_put(&ctxt->cl);
 }
author	Kent Overstreet <kent.overstreet@gmail.com>	2022-02-21 13:22:11 -0500
committer	Kent Overstreet <kent.overstreet@linux.dev>	2023-10-22 17:09:24 -0400
commit	f61816d0fc6091e14b3f4ffce962dc5084a1b6cd (patch)
tree	e544827d27d3e8adba7d490c98d5cbdc240dc0f4 /fs/bcachefs/move.c
parent	12bf93a429c981cf337ce2c27504ec0171157f76 (diff)
download	linux-stable-f61816d0fc6091e14b3f4ffce962dc5084a1b6cd.tar.gz linux-stable-f61816d0fc6091e14b3f4ffce962dc5084a1b6cd.tar.bz2 linux-stable-f61816d0fc6091e14b3f4ffce962dc5084a1b6cd.zip