Commit 286d8ad0 authored by Kent Overstreet's avatar Kent Overstreet Committed by Kent Overstreet

bcachefs: Fix a use after free in dio write path

Signed-off-by: default avatarKent Overstreet <kent.overstreet@gmail.com>
Signed-off-by: default avatarKent Overstreet <kent.overstreet@linux.dev>
parent 511ed5bf
......@@ -1787,7 +1787,7 @@ static long bch2_dio_write_loop(struct dio_write *dio)
struct bio_vec *bv;
unsigned unaligned;
u64 new_i_size;
bool sync;
bool sync = dio->sync;
long ret;
if (dio->loop)
......@@ -1830,7 +1830,7 @@ static long bch2_dio_write_loop(struct dio_write *dio)
if (!dio->sync && !dio->loop && dio->iter.count) {
if (bch2_dio_write_copy_iov(dio)) {
dio->sync = true;
dio->sync = sync = true;
goto do_io;
}
}
......@@ -1838,7 +1838,7 @@ static long bch2_dio_write_loop(struct dio_write *dio)
dio->loop = true;
closure_call(&dio->op.cl, bch2_write, NULL, NULL);
if (dio->sync)
if (sync)
wait_for_completion(&dio->done);
else
return -EIOCBQUEUED;
......@@ -1872,7 +1872,6 @@ static long bch2_dio_write_loop(struct dio_write *dio)
if (dio->free_iov)
kfree(dio->iter.__iov);
sync = dio->sync;
bio_put(bio);
/* inode->i_dio_count is our ref on inode and thus bch_fs */
......
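Review bot: The `if (sync)` test after `closure_call()` in the third hunk now reads a local copy, but nothing in the code records why, so a later cleanup could switch it back to `dio->sync` and reintroduce the use after free. Presumably the asynchronous completion can free `dio` once the write is submitted; a comment above the test would pin that down, e.g. `/* dio may already be freed once the write is submitted unless we wait; only test the cached flag */`. The paired assignment `dio->sync = sync = true;` in the second hunk carries the same invariant, since any future write to `dio->sync` must also update the local, and that deserves a short comment at the declaration `bool sync = dio->sync;`. The commit message has no body, so a sentence there naming the path that frees `dio` would help anyone backporting the fix. The body of bch2_dio_write_loop continues outside the visible hunks.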