bch_keylist_free() frees dynamic memory if any and will not change
pointer members of keylist. But we cannot guarantee the content of
the freed memory is not changed on entering following while and pop
loop. Move bch_keylist_free() calling after the while loop to avoid
wrong content accessed.
Signed-off-by: Shenghui Wang <shhuiw@xxxxxxxxxxx>
---
drivers/md/bcache/btree.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c
index 23cb1dc7296b..13671f381c44 100644
--- a/drivers/md/bcache/btree.c
+++ b/drivers/md/bcache/btree.c
@@ -1475,11 +1475,11 @@ static int btree_gc_coalesce(struct btree *b, struct btree_op *op,
out_nocoalesce:
closure_sync(&cl);
- bch_keylist_free(&keylist);
while ((k = bch_keylist_pop(&keylist)))
if (!bkey_cmp(k, &ZERO_KEY))
atomic_dec(&b->c->prio_blocked);
+ bch_keylist_free(&keylist);
for (i = 0; i < nodes; i++)
if (!IS_ERR_OR_NULL(new_nodes[i])) {
--
2.20.1
