summaryrefslogtreecommitdiffstats
path: root/drivers/md
diff options
context:
space:
mode:
authorShenghui Wang <shhuiw@foxmail.com>2019-04-25 00:48:42 +0800
committerJens Axboe <axboe@kernel.dk>2019-04-24 10:56:29 -0600
commitf16277ca20acf2c213fcd4b645f4c1cffcadf533 (patch)
tree3d8968274c543f74610194f4974644d276d5d1c2 /drivers/md
parent631207314d88e9091be02fbdd1fdadb1ae2ed79a (diff)
downloadlinux-f16277ca20acf2c213fcd4b645f4c1cffcadf533.tar.gz
linux-f16277ca20acf2c213fcd4b645f4c1cffcadf533.tar.bz2
linux-f16277ca20acf2c213fcd4b645f4c1cffcadf533.zip
bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce
Elements of keylist should be accessed before the list is freed. Move bch_keylist_free() calling after the while loop to avoid wrong content accessed. Signed-off-by: Shenghui Wang <shhuiw@foxmail.com> Signed-off-by: Coly Li <colyli@suse.de> Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'drivers/md')
-rw-r--r--drivers/md/bcache/btree.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c
index 64def336f053..b139858b0802 100644
--- a/drivers/md/bcache/btree.c
+++ b/drivers/md/bcache/btree.c
@@ -1476,11 +1476,11 @@ static int btree_gc_coalesce(struct btree *b, struct btree_op *op,
out_nocoalesce:
closure_sync(&cl);
- bch_keylist_free(&keylist);
while ((k = bch_keylist_pop(&keylist)))
if (!bkey_cmp(k, &ZERO_KEY))
atomic_dec(&b->c->prio_blocked);
+ bch_keylist_free(&keylist);
for (i = 0; i < nodes; i++)
if (!IS_ERR_OR_NULL(new_nodes[i])) {