summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSlava Pestov <sp@daterainc.com>2014-07-12 21:53:11 -0700
committerKent Overstreet <kmo@daterainc.com>2014-08-04 15:23:04 -0700
commit400ffaa2acd72274e2c7293a9724382383bebf3e (patch)
treed9f374a9be6fe1ce88ec1513282dba0980baf49c
parent6b708de64adb6dc8319e7aeac922b46904fbeeec (diff)
bcache: fix use-after-free in btree_gc_coalesce()
If we goto out_nocoalesce after we free new_nodes[0], we end up freeing new_nodes[0] again. This was generating a lockdep warning. The fix is to set new_nodes[0] to NULL, since the out_nocoalesce path safely ignores NULL entries in the new_nodes array. This regression was introduced in 2d7f9531. Change-Id: I76564d7257800583214376b4bacf236cda90c89c
-rw-r--r--drivers/md/bcache/btree.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c
index f8237856a61..776583f7247 100644
--- a/drivers/md/bcache/btree.c
+++ b/drivers/md/bcache/btree.c
@@ -1409,6 +1409,7 @@ static int btree_gc_coalesce(struct btree *b, struct btree_op *op,
BUG_ON(btree_bset_first(new_nodes[0])->keys);
btree_node_free(new_nodes[0]);
rw_unlock(true, new_nodes[0]);
+ new_nodes[0] = NULL;
for (i = 0; i < nodes; i++) {
if (__bch_keylist_realloc(&keylist, bkey_u64s(&r[i].b->key)))