On 04/01, Chao Yu wrote: > Ping, > > Any problem here? > > Thanks, > > On 2017/3/28 9:17, Chao Yu wrote: > > On 2017/3/28 7:56, Jaegeuk Kim wrote: > >> On 03/27, Chao Yu wrote: > >>> In f2fs_submit_discard_endio, we will wake up waiter before setting > >>> discard command states, so waiter may use incorrect states. Change > >>> the order between complete() and states setting to fix this issue. > >>> > >>> Signed-off-by: Chao Yu <yuch...@huawei.com> > >>> --- > >>> fs/f2fs/segment.c | 2 +- > >>> 1 file changed, 1 insertion(+), 1 deletion(-) > >>> > >>> diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c > >>> index 57a81f9c8c14..9f9542c9fe47 100644 > >>> --- a/fs/f2fs/segment.c > >>> +++ b/fs/f2fs/segment.c > >>> @@ -717,9 +717,9 @@ static void f2fs_submit_discard_endio(struct bio *bio) > >>> { > >>> struct discard_cmd *dc = (struct discard_cmd *)bio->bi_private; > >>> > >>> - complete(&dc->wait); > >>> dc->error = bio->bi_error; > >>> dc->state = D_DONE; > >>> + complete(&dc->wait); > >> > >> If we set D_DONE first, the object can be released by > >> __remove_discard_cmd()?
What I mean was about use-after-free. Thanks, > > > > Yes, I think so. > > > > Thanks, > > > >> > >> Thanks, > >> > >>> bio_put(bio); > >>> } > >>> > >>> -- > >>> 2.8.2.295.g3f1c1d0 > >> > >> . > >>
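Review bot: In f2fs_submit_discard_endio, the moved complete(&dc->wait) now runs after dc->state = D_DONE, so it is only safe if nothing can free dc once the state reads D_DONE. The thread raises __remove_discard_cmd() as a possible path of that kind, in which case complete() would touch freed memory. The hunk shows no lock or reference held across the three statements, so the commit message should say what keeps dc alive until complete() returns. Alternatively, make the state update and the wakeup atomic with respect to whichever path frees dc. A short comment above the two stores, noting that the waiter must see dc->error and dc->state already set when it is woken, would also document why the order matters.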