diff options
author | Kent Overstreet <kent.overstreet@linux.dev> | 2024-11-06 16:40:08 -0500 |
---|---|---|
committer | Kent Overstreet <kent.overstreet@linux.dev> | 2024-11-07 16:48:21 -0500 |
commit | 8440da933127fc5330c3d1090cdd612fddbc40eb (patch) | |
tree | 91ece521bf22f076e84a3d513998277c219e61a1 | |
parent | f9f0a5390dcef1f96cc506a2cf7d50c8e348fa3d (diff) |
bcachefs: Fix UAF in __promote_alloc() error path
If we error in data_update_init() after adding to the rhashtable of
outstanding promotes, kfree_rcu() is required.
Reported-by: Reed Riley <reed@riley.engineer>
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
-rw-r--r-- | fs/bcachefs/io_read.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/fs/bcachefs/io_read.c b/fs/bcachefs/io_read.c index ac6a6fcc2bb8..b3b934a87c6d 100644 --- a/fs/bcachefs/io_read.c +++ b/fs/bcachefs/io_read.c @@ -262,7 +262,8 @@ err: bio_free_pages(&(*rbio)->bio); kfree(*rbio); *rbio = NULL; - kfree(op); + /* We may have added to the rhashtable and thus need rcu freeing: */ + kfree_rcu(op, rcu); bch2_write_ref_put(c, BCH_WRITE_REF_promote); return ERR_PTR(ret); } |