aboutsummaryrefslogtreecommitdiffstats
path: root/fs/btrfs
diff options
context:
space:
mode:
authorJosef Bacik <josef@redhat.com>2010-11-19 09:41:10 -0500
committerJosef Bacik <josef@redhat.com>2010-12-09 13:57:10 -0500
commit955256f2c3e25c94ad373c43fbc38d2ac8af2a71 (patch)
treef8a6074a34e988e613eb308d4aeb91fd8fb2e968 /fs/btrfs
parent5a92bc88cef279261d3f138e25850c122df67045 (diff)
downloadkernel_samsung_aries-955256f2c3e25c94ad373c43fbc38d2ac8af2a71.zip
kernel_samsung_aries-955256f2c3e25c94ad373c43fbc38d2ac8af2a71.tar.gz
kernel_samsung_aries-955256f2c3e25c94ad373c43fbc38d2ac8af2a71.tar.bz2
Btrfs: fix use after free in O_DIRECT
This fixes a bug where we use dip after we have freed it. Instead just use the file_offset that was passed to the function. Thanks, Signed-off-by: Josef Bacik <josef@redhat.com>
Diffstat (limited to 'fs/btrfs')
-rw-r--r--fs/btrfs/inode.c3
1 files changed, 1 insertions, 2 deletions
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 0f34cae..ae6c0d1 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -5934,8 +5934,7 @@ free_ordered:
*/
if (write) {
struct btrfs_ordered_extent *ordered;
- ordered = btrfs_lookup_ordered_extent(inode,
- dip->logical_offset);
+ ordered = btrfs_lookup_ordered_extent(inode, file_offset);
if (!test_bit(BTRFS_ORDERED_PREALLOC, &ordered->flags) &&
!test_bit(BTRFS_ORDERED_NOCOW, &ordered->flags))
btrfs_free_reserved_extent(root, ordered->start,