diff options
author | Kent Overstreet <kent.overstreet@gmail.com> | 2022-02-21 13:22:11 -0500 |
---|---|---|
committer | Kent Overstreet <kent.overstreet@linux.dev> | 2023-10-22 17:09:24 -0400 |
commit | f61816d0fc6091e14b3f4ffce962dc5084a1b6cd (patch) | |
tree | e544827d27d3e8adba7d490c98d5cbdc240dc0f4 | |
parent | 12bf93a429c981cf337ce2c27504ec0171157f76 (diff) |
bcachefs: Fix a use after free
In move_read_endio, we were checking if the next pending write has its
read completed - but this can turn after a use after free (and we were
accessing the list without a lock), so instead just better to just
unconditionally do the wakeup.
Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com>
-rw-r--r-- | fs/bcachefs/move.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/fs/bcachefs/move.c b/fs/bcachefs/move.c index 4751d79219cb..2eb192da8e1d 100644 --- a/fs/bcachefs/move.c +++ b/fs/bcachefs/move.c @@ -480,9 +480,7 @@ static void move_read_endio(struct bio *bio) atomic_sub(io->read_sectors, &ctxt->read_sectors); io->read_completed = true; - if (next_pending_write(ctxt)) - wake_up(&ctxt->wait); - + wake_up(&ctxt->wait); closure_put(&ctxt->cl); } |