Btrfs: fix use after free in O_DIRECT
author Josef Bacik <josef@redhat.com>
Fri, 19 Nov 2010 14:41:10 +0000 (09:41 -0500)
committer Josef Bacik <josef@redhat.com>
Thu, 9 Dec 2010 18:57:10 +0000 (13:57 -0500)
This fixes a bug where we use dip after we have freed it.  Instead just use the
file_offset that was passed to the function.  Thanks,

Signed-off-by: Josef Bacik <josef@redhat.com>
fs/btrfs/inode.c

index 0f34cae0a6332692cc0887c142c2ae77cd758e3c..ae6c0d190bc1e75d275894c0a8dc5b22b6489f5e 100644 (file)
@@ -5934,8 +5934,7 @@ free_ordered:
         */
        if (write) {
                struct btrfs_ordered_extent *ordered;
-               ordered = btrfs_lookup_ordered_extent(inode,
-                                                     dip->logical_offset);
+               ordered = btrfs_lookup_ordered_extent(inode, file_offset);
                if (!test_bit(BTRFS_ORDERED_PREALLOC, &ordered->flags) &&
                    !test_bit(BTRFS_ORDERED_NOCOW, &ordered->flags))
                        btrfs_free_reserved_extent(root, ordered->start,
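Review bot: the pointer returned by `btrfs_lookup_ordered_extent(inode, file_offset)` is dereferenced immediately in the two `test_bit(..., &ordered->flags)` checks on the following context lines, with no NULL check in between. With the key now taken from `file_offset` instead of `dip->logical_offset`, it is worth either adding an `if (ordered)` guard before the `test_bit()` calls or stating in the commit message why a lookup at `file_offset` is guaranteed to find an ordered extent on this `free_ordered:` path. The message would also be easier to audit if it named where `dip` is freed before this point and confirmed that `file_offset` is the same value `dip->logical_offset` held, since neither is visible in this hunk.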