[PATCH v2] f2fs: prevent waiter encountering incorrect discard states

From: Chao Yu
Date: Wed Apr 05 2017 - 06:29:16 EST


In f2fs_submit_discard_endio, we will wake up waiter before setting
discard command states, so waiter may use incorrect states. Change
the order between complete() and states setting to fix this issue.

Signed-off-by: Chao Yu <yuchao0@xxxxxxxxxx>
---
v2: use wait_for_completion_io before releasing discard entry to avoid
use-after-free.
fs/f2fs/segment.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
index 24911c5679d6..ec19cfcfcd24 100644
--- a/fs/f2fs/segment.c
+++ b/fs/f2fs/segment.c
@@ -717,9 +717,9 @@ static void f2fs_submit_discard_endio(struct bio *bio)
{
struct discard_cmd *dc = (struct discard_cmd *)bio->bi_private;

- complete(&dc->wait);
dc->error = bio->bi_error;
dc->state = D_DONE;
+ complete(&dc->wait);
bio_put(bio);
}
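Review bot: The ordering this handler now depends on is undocumented: `dc->error` and `dc->state` have to be stored before `complete(&dc->wait)`, and nothing after that call may touch `dc`, since the v2 note implies the woken side can release the entry. A comment directly above the call would keep a later edit from moving it back, e.g. `/* set error/state first; the waiter may read and release dc after complete() */`. The trailing `bio_put(bio)` is fine because it touches only the bio, not `dc`.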

@@ -807,8 +807,7 @@ void f2fs_wait_discard_bio(struct f2fs_sb_info *sbi, block_t blkaddr)

list_for_each_entry_safe(dc, tmp, wait_list, list) {
if (dc->lstart <= blkaddr && blkaddr < dc->lstart + dc->len) {
- if (dc->state == D_SUBMIT)
- wait_for_completion_io(&dc->wait);
+ wait_for_completion_io(&dc->wait);
__punch_discard_cmd(sbi, dc, blkaddr);
}
}
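Review bot: The wait on `dc->wait` is now unconditional, so every matching entry on `wait_list` must have a bio in flight or already completed. If an entry can sit on this list without having been submitted (not visible in the hunk), this call blocks forever where the old `D_SUBMIT` check skipped it. Separately, `complete()` satisfies only one `wait_for_completion_io()`; if `__punch_discard_cmd()` can leave `dc` on the list, the new wait added in `issue_discard_thread` (third hunk) on the same entry would never return. Calling `complete_all(&dc->wait);` in `f2fs_submit_discard_endio` would make repeated waits safe. The function begins outside the hunk, so the locking around this loop cannot be checked from here.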
@@ -868,8 +867,10 @@ static int issue_discard_thread(void *data)
blk_finish_plug(&plug);

list_for_each_entry_safe(dc, tmp, wait_list, list) {
- if (dc->state == D_DONE)
+ if (dc->state == D_DONE) {
+ wait_for_completion_io(&dc->wait);
__remove_discard_cmd(sbi, dc);
+ }
}
mutex_unlock(&dcc->cmd_lock);
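Review bot: The reason for waiting on an entry that is already `D_DONE` is not obvious and deserves a comment inside the new braces. The end_io handler sets `D_DONE` before it calls `complete()`, so this thread can observe the state while the handler is still using `dc->wait`, and releasing `dc` at that point would be the use-after-free the v2 note mentions. Suggested: `/* D_DONE is set before complete(); wait so end_io is finished with dc->wait before dc is released */`. `dc->state` is also read here as a plain load while the handler stores it from another context, so `READ_ONCE()`/`WRITE_ONCE()` on that field would make the lockless access explicit. The loop belongs to a function whose body starts outside the hunk.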

--
2.12.2.510.ge1104a5ee539