Commit 955256f2 authored by Josef Bacik's avatar Josef Bacik

Btrfs: fix use after free in O_DIRECT

This fixes a bug where we use dip after we have freed it.  Instead just use the
file_offset that was passed to the function.  Thanks,
Signed-off-by: default avatarJosef Bacik <josef@redhat.com>
parent 5a92bc88
...@@ -5934,8 +5934,7 @@ static void btrfs_submit_direct(int rw, struct bio *bio, struct inode *inode, ...@@ -5934,8 +5934,7 @@ static void btrfs_submit_direct(int rw, struct bio *bio, struct inode *inode,
*/ */
if (write) { if (write) {
struct btrfs_ordered_extent *ordered; struct btrfs_ordered_extent *ordered;
ordered = btrfs_lookup_ordered_extent(inode, ordered = btrfs_lookup_ordered_extent(inode, file_offset);
dip->logical_offset);
if (!test_bit(BTRFS_ORDERED_PREALLOC, &ordered->flags) && if (!test_bit(BTRFS_ORDERED_PREALLOC, &ordered->flags) &&
!test_bit(BTRFS_ORDERED_NOCOW, &ordered->flags)) !test_bit(BTRFS_ORDERED_NOCOW, &ordered->flags))
btrfs_free_reserved_extent(root, ordered->start, btrfs_free_reserved_extent(root, ordered->start,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment