On 2019/2/8 7:02 下午, Shenghui Wang wrote:
> Elements of keylist should be accessed before the list is freed.
> Move bch_keylist_free() calling after the while loop to avoid wrong
> content accessed.
>
> Signed-off-by: Shenghui Wang <shhuiw@xxxxxxxxxxx>
Added to my for-test directory. Thanks.
Coly Li
> ---
> drivers/md/bcache/btree.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c
> index 23cb1dc7296b..13671f381c44 100644
> --- a/drivers/md/bcache/btree.c
> +++ b/drivers/md/bcache/btree.c
> @@ -1475,11 +1475,11 @@ static int btree_gc_coalesce(struct btree *b, struct btree_op *op,
>
> out_nocoalesce:
> closure_sync(&cl);
> - bch_keylist_free(&keylist);
>
> while ((k = bch_keylist_pop(&keylist)))
> if (!bkey_cmp(k, &ZERO_KEY))
> atomic_dec(&b->c->prio_blocked);
> + bch_keylist_free(&keylist);
>
> for (i = 0; i < nodes; i++)
> if (!IS_ERR_OR_NULL(new_nodes[i])) {
>
--
Coly Li
