From f7409d0fae7a02ea6c8195f75ad73866d5dea617 Mon Sep 17 00:00:00 2001
From: Jaegeuk Kim <jaegeuk@kernel.org>
Date: Fri, 21 Aug 2015 23:37:18 -0700
Subject: f2fs: fix wrong pointer access during try_to_free_nids

If we release the lock inside the list_for_each_entry_safe loop, the saved
tmp pointer can be lost to a concurrent alloc_nid.

Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
---
 fs/f2fs/node.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)


diff --git a/fs/f2fs/node.c b/fs/f2fs/node.c
index 777066d29fa8..0867325e288f 100644
--- a/fs/f2fs/node.c
+++ b/fs/f2fs/node.c
@@ -1664,11 +1664,9 @@ int try_to_free_nids(struct f2fs_sb_info *sbi, int nr_shrink)
 		if (i->state == NID_ALLOC)
 			continue;
 		__del_from_free_nid_list(nm_i, i);
-		nm_i->fcnt--;
-		spin_unlock(&nm_i->free_nid_list_lock);
 		kmem_cache_free(free_nid_slab, i);
+		nm_i->fcnt--;
 		nr_shrink--;
-		spin_lock(&nm_i->free_nid_list_lock);
 	}
 	spin_unlock(&nm_i->free_nid_list_lock);
 	mutex_unlock(&nm_i->build_lock);
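Review bot: Nothing in the loop body records why free_nid_list_lock has to stay held across `kmem_cache_free(free_nid_slab, i);`, so a later latency-motivated change could reintroduce the unlock/relock pair this commit removes. I would add a comment above `__del_from_free_nid_list(nm_i, i);` along the lines of `/* do not drop free_nid_list_lock here: the _safe iterator's saved next entry is only valid while the lock is held */`. The spinlock is now held for the entire walk, so its hold time depends on how the loop is bounded; the loop header and its exit condition sit outside this hunk, so it is worth confirming there that the number of entries freed per call is capped.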
-- 