From f7409d0fae7a02ea6c8195f75ad73866d5dea617 Mon Sep 17 00:00:00 2001 From: Jaegeuk Kim Date: Fri, 21 Aug 2015 23:37:18 -0700 Subject: f2fs: fix wrong pointer access during try_to_free_nids If we release the lock in list_for_each_entry_safe, we can lose the tmp pointer by alloc_nid. Signed-off-by: Jaegeuk Kim diff --git a/fs/f2fs/node.c b/fs/f2fs/node.c index 777066d..0867325 100644 --- a/fs/f2fs/node.c +++ b/fs/f2fs/node.c @@ -1664,11 +1664,9 @@ int try_to_free_nids(struct f2fs_sb_info *sbi, int nr_shrink) if (i->state == NID_ALLOC) continue; __del_from_free_nid_list(nm_i, i); - nm_i->fcnt--; - spin_unlock(&nm_i->free_nid_list_lock); kmem_cache_free(free_nid_slab, i); + nm_i->fcnt--; nr_shrink--; - spin_lock(&nm_i->free_nid_list_lock); } spin_unlock(&nm_i->free_nid_list_lock); mutex_unlock(&nm_i->build_lock); -- cgit v0.10.2