Commit f16277ca authored by Shenghui Wang's avatar Shenghui Wang Committed by Jens Axboe
Browse files

bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce 



Elements of keylist should be accessed before the list is freed.
Move bch_keylist_free() calling after the while loop to avoid wrong
content accessed.

Signed-off-by: default avatarShenghui Wang <shhuiw@foxmail.com>
Signed-off-by: default avatarColy Li <colyli@suse.de>
Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
parent 63120731

drivers/md/bcache/btree.c

+1 −1
Original line number Diff line number Diff line
@@ -1476,11 +1476,11 @@ static int btree_gc_coalesce(struct btree *b, struct btree_op *op, 


out_nocoalesce:

	closure_sync(&cl);

	bch_keylist_free(&keylist);



	while ((k = bch_keylist_pop(&keylist)))

		if (!bkey_cmp(k, &ZERO_KEY))

			atomic_dec(&b->c->prio_blocked);

	bch_keylist_free(&keylist);



	for (i = 0; i < nodes; i++)

		if (!IS_ERR_OR_NULL(new_nodes[i])) {

CRA Git | Maintained and supported by SUSTech CRA and CCSE