diff options
author | Josef Bacik <josef@redhat.com> | 2010-11-19 09:41:10 -0500 |
---|---|---|
committer | Josef Bacik <josef@redhat.com> | 2010-12-09 13:57:10 -0500 |
commit | 955256f2c3e25c94ad373c43fbc38d2ac8af2a71 (patch) | |
tree | f8a6074a34e988e613eb308d4aeb91fd8fb2e968 /fs/btrfs/inode.c | |
parent | 5a92bc88cef279261d3f138e25850c122df67045 (diff) |
Btrfs: fix use after free in O_DIRECT
This fixes a bug where we use dip after we have freed it. Instead just use the
file_offset that was passed to the function. Thanks,
Signed-off-by: Josef Bacik <josef@redhat.com>
Diffstat (limited to 'fs/btrfs/inode.c')
-rw-r--r-- | fs/btrfs/inode.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 0f34cae0a633..ae6c0d190bc1 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c | |||
@@ -5934,8 +5934,7 @@ free_ordered: | |||
5934 | */ | 5934 | */ |
5935 | if (write) { | 5935 | if (write) { |
5936 | struct btrfs_ordered_extent *ordered; | 5936 | struct btrfs_ordered_extent *ordered; |
5937 | ordered = btrfs_lookup_ordered_extent(inode, | 5937 | ordered = btrfs_lookup_ordered_extent(inode, file_offset); |
5938 | dip->logical_offset); | ||
5939 | if (!test_bit(BTRFS_ORDERED_PREALLOC, &ordered->flags) && | 5938 | if (!test_bit(BTRFS_ORDERED_PREALLOC, &ordered->flags) && |
5940 | !test_bit(BTRFS_ORDERED_NOCOW, &ordered->flags)) | 5939 | !test_bit(BTRFS_ORDERED_NOCOW, &ordered->flags)) |
5941 | btrfs_free_reserved_extent(root, ordered->start, | 5940 | btrfs_free_reserved_extent(root, ordered->start, |