| From: Pan Bian <bianpan2016@163.com> |
| Date: Thu, 22 Nov 2018 18:58:46 +0800 |
| Subject: f2fs: read page index before freeing |
| |
| commit 0ea295dd853e0879a9a30ab61f923c26be35b902 upstream. |
| |
| The function truncate_node frees the page with f2fs_put_page. However, |
| the page index is read after that. So, the patch reads the index before |
| freeing the page. |
| |
| Fixes: bf39c00a9a7f ("f2fs: drop obsolete node page when it is truncated") |
| Signed-off-by: Pan Bian <bianpan2016@163.com> |
| Reviewed-by: Chao Yu <yuchao0@huawei.com> |
| Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> |
| [bwh: Backported to 3.16: adjust context] |
| Signed-off-by: Ben Hutchings <ben@decadent.org.uk> |
| --- |
| fs/f2fs/node.c | 4 +++- |
| 1 file changed, 3 insertions(+), 1 deletion(-) |
| |
| --- a/fs/f2fs/node.c |
| +++ b/fs/f2fs/node.c |
| @@ -509,6 +509,7 @@ static void truncate_node(struct dnode_o |
| { |
| struct f2fs_sb_info *sbi = F2FS_SB(dn->inode->i_sb); |
| struct node_info ni; |
| + pgoff_t index; |
| |
| get_node_info(sbi, dn->nid, &ni); |
| if (dn->inode->i_blocks == 0) { |
| @@ -532,10 +533,11 @@ invalidate: |
| clear_node_page_dirty(dn->node_page); |
| F2FS_SET_SB_DIRT(sbi); |
| |
| + index = dn->node_page->index; |
| f2fs_put_page(dn->node_page, 1); |
| |
| invalidate_mapping_pages(NODE_MAPPING(sbi), |
| - dn->node_page->index, dn->node_page->index); |
| + index, index); |
| |
| dn->node_page = NULL; |
| trace_f2fs_truncate_node(dn->inode, dn->nid, ni.blk_addr); |
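Review bot: In the `invalidate:` hunk, `dn->node_page` still holds the released pointer after `f2fs_put_page(dn->node_page, 1)` and is only cleared after `invalidate_mapping_pages()` returns, so the stale pointer stays reachable for that window. Moving `dn->node_page = NULL;` to directly after the put would leave nothing in between able to dereference it, which is the same class of read this commit removes. A short comment above the new assignment, for example `/* cache index now: the put below may drop the last reference to the page */`, would stop a later cleanup from folding the local back into the call. The body of truncate_node continues past the end of this hunk, so any later use of `dn->node_page` cannot be checked from here.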