bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce

Elements of keylist should be accessed before the list is freed. Move bch_keylist_free() calling after the while loop to avoid wrong content accessed. Signed-off-by: Shenghui Wang <shhuiw@foxmail.com> Signed-off-by: Coly Li <colyli@suse.de> Signed-off-by: Jens Axboe <axboe@kernel.dk>

bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_gc_coalesce
Elements of keylist should be accessed before the list is freed. Move bch_keylist_free() calling after the while loop to avoid wrong content accessed. Signed-off-by: Shenghui Wang <shhuiw@foxmail.com> Signed-off-by: Coly Li <colyli@suse.de> Signed-off-by: Jens Axboe <axboe@kernel.dk>
f16277ca · Shenghui Wang · Jens Axboe · 63120731 · f16277ca
Commit f16277ca authored Apr 25, 2019 by Shenghui Wang Committed by Jens Axboe Apr 24, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

drivers/md/bcache/btree.c drivers/md/bcache/btree.c +1 -1

No files found.
--- a/drivers/md/bcache/btree.c
+++ b/drivers/md/bcache/btree.c
@@ -1476,11 +1476,11 @@ static int btree_gc_coalesce(struct btree *b, struct btree_op *op,
 out_nocoalesce:
 	closure_sync(&cl);
-	bch_keylist_free(&keylist);
 	while ((k = bch_keylist_pop(&keylist)))
 		if (!bkey_cmp(k, &ZERO_KEY))
 			atomic_dec(&b->c->prio_blocked);
+	bch_keylist_free(&keylist);
 	for (i = 0; i < nodes; i++)
 		if (!IS_ERR_OR_NULL(new_nodes[i])) {