f2fs: fix to cover io->bio with io_rwsem

In the f2fs_wait_on_page_writeback, io->bio should be covered by io_rwsem. Otherwise, the bio pointer can become a dangling pointer due to data races. Signed-off-by: Jaegeuk Kim <jaegeuk.kim@samsung.com>

f2fs: fix to cover io->bio with io_rwsem
In the f2fs_wait_on_page_writeback, io->bio should be covered by io_rwsem. Otherwise, the bio pointer can become a dangling pointer due to data races. Signed-off-by: Jaegeuk Kim <jaegeuk.kim@samsung.com>
Jaegeuk Kim
1 parent d54c795b49
Showing 1 changed file with 2 additions and 3 deletions Side-by-side Diff
fs/f2fs/segment.c
@@ -1049,15 +1049,14 @@
 {
 	enum page_type btype = PAGE_TYPE_OF_BIO(type);
 	struct f2fs_bio_info *io = &sbi->write_io[btype];
-	struct bio *bio = io->bio;
 	struct bio_vec *bvec;
 	int i;
  
 	down_read(&io->io_rwsem);
-	if (!bio)
+	if (!io->bio)
 		goto out;
  
-	bio_for_each_segment_all(bvec, bio, i) {
+	bio_for_each_segment_all(bvec, io->bio, i) {
 		if (page == bvec->bv_page) {
 			up_read(&io->io_rwsem);
 			return true;
...	...	@@ -1049,15 +1049,14 @@
1049	1049	{
1050	1050	enum page_type btype = PAGE_TYPE_OF_BIO(type);
1051	1051	struct f2fs_bio_info *io = &sbi->write_io[btype];
1052		- struct bio *bio = io->bio;
1053	1052	struct bio_vec *bvec;
1054	1053	int i;
1055	1054
1056	1055	down_read(&io->io_rwsem);
1057		- if (!bio)
	1056	+ if (!io->bio)
1058	1057	goto out;
1059	1058
1060		- bio_for_each_segment_all(bvec, bio, i) {
	1059	+ bio_for_each_segment_all(bvec, io->bio, i) {
1061	1060	if (page == bvec->bv_page) {
1062	1061	up_read(&io->io_rwsem);
1063	1062	return true;