aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChris Mason <chris.mason@oracle.com>2008-11-10 11:44:58 -0500
committerChris Mason <chris.mason@oracle.com>2008-11-10 11:44:58 -0500
commite04ca626baee684bea9d6239e4e1119b696101b2 (patch)
treef5327eae3e8393f19ef9f40426efb8b3488f36f6
parentff5b7ee33d82414bf4baf299c21fb703bcc89629 (diff)
Btrfs: Fix use after free during compressed reads
Yan's fix to use the correct file offset during compressed reads used the extent_map struct pointer after it had been freed. This saves the fields we want for later use instead. Signed-off-by: Chris Mason <chris.mason@oracle.com>
-rw-r--r--fs/btrfs/compression.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/fs/btrfs/compression.c b/fs/btrfs/compression.c
index 8e7a78acf81a..b582c6fd80f2 100644
--- a/fs/btrfs/compression.c
+++ b/fs/btrfs/compression.c
@@ -505,6 +505,8 @@ int btrfs_submit_compressed_read(struct inode *inode, struct bio *bio,
505 struct block_device *bdev; 505 struct block_device *bdev;
506 struct bio *comp_bio; 506 struct bio *comp_bio;
507 u64 cur_disk_byte = (u64)bio->bi_sector << 9; 507 u64 cur_disk_byte = (u64)bio->bi_sector << 9;
508 u64 em_len;
509 u64 em_start;
508 struct extent_map *em; 510 struct extent_map *em;
509 int ret; 511 int ret;
510 512
@@ -525,7 +527,10 @@ int btrfs_submit_compressed_read(struct inode *inode, struct bio *bio,
525 527
526 cb->start = em->orig_start; 528 cb->start = em->orig_start;
527 compressed_len = em->block_len; 529 compressed_len = em->block_len;
530 em_len = em->len;
531 em_start = em->start;
528 free_extent_map(em); 532 free_extent_map(em);
533 em = NULL;
529 534
530 cb->len = uncompressed_len; 535 cb->len = uncompressed_len;
531 cb->compressed_len = compressed_len; 536 cb->compressed_len = compressed_len;
@@ -543,7 +548,7 @@ int btrfs_submit_compressed_read(struct inode *inode, struct bio *bio,
543 } 548 }
544 cb->nr_pages = nr_pages; 549 cb->nr_pages = nr_pages;
545 550
546 add_ra_bio_pages(inode, em->start + em->len, cb); 551 add_ra_bio_pages(inode, em_start + em_len, cb);
547 552
548 if (!btrfs_test_opt(root, NODATASUM) && 553 if (!btrfs_test_opt(root, NODATASUM) &&
549 !btrfs_test_flag(inode, NODATASUM)) { 554 !btrfs_test_flag(inode, NODATASUM)) {