openkylin
/
linux
mirror of https://gitee.com/openkylin/linux.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

bcache: fix use-after-free in btree_gc_coalesce() 

If we goto out_nocoalesce after we free new_nodes[0], we end up freeing
new_nodes[0] again. This was generating a lockdep warning. The fix is
to set new_nodes[0] to NULL, since the out_nocoalesce path safely
ignores NULL entries in the new_nodes array.

This regression was introduced in 2d7f9531.

Change-Id: I76564d7257800583214376b4bacf236cda90c89c
This commit is contained in:
Slava Pestov 2014-07-12 21:53:11 -07:00 committed by Kent Overstreet
parent 6b708de64a
commit 400ffaa2ac
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
drivers/md/bcache/btree.c
View File

@ -1409,6 +1409,7 @@ static int btree_gc_coalesce(struct btree *b, struct btree_op *op,
BUG_ON(btree_bset_first(new_nodes[0])->keys); BUG_ON(btree_bset_first(new_nodes[0])->keys);
btree_node_free(new_nodes[0]); btree_node_free(new_nodes[0]);
rw_unlock(true, new_nodes[0]); rw_unlock(true, new_nodes[0]);
new_nodes[0] = NULL;
for (i = 0; i < nodes; i++) { for (i = 0; i < nodes; i++) {
if (__bch_keylist_realloc(&keylist, bkey_u64s(&r[i].b->key))) if (__bch_keylist_realloc(&keylist, bkey_u64s(&r[i].b->key)))