This function dereferences "cache" and then checks if it's
IS_ERR_OR_NULL(). Check first, then dereference.

Fixes: 9549332df4ed ("fscache: Implement cache registration")
Signed-off-by: Dan Carpenter <[email protected]>
---
fs/netfs/fscache_cache.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/fs/netfs/fscache_cache.c b/fs/netfs/fscache_cache.c
index d645f8b302a2..f0722cc2eae5 100644
--- a/fs/netfs/fscache_cache.c
+++ b/fs/netfs/fscache_cache.c
@@ -179,7 +179,6 @@ EXPORT_SYMBOL(fscache_acquire_cache);
void fscache_put_cache(struct fscache_cache *cache,
enum fscache_cache_trace where)
{
- unsigned int debug_id = cache->debug_id;
bool zero;
int ref;
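Review bot: dropping the debug_id local altogether at the top of fscache_put_cache() leaves nothing to carry the id past the point where the reference is released. To avoid the early dereference the commit message describes, keep the declaration without its initializer ("unsigned int debug_id;") and assign it from cache->debug_id after the IS_ERR_OR_NULL() check, while the caller's reference is still held.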
@@ -187,7 +186,7 @@ void fscache_put_cache(struct fscache_cache *cache,
return;
zero = __refcount_dec_and_test(&cache->ref, &ref);
- trace_fscache_cache(debug_id, ref - 1, where);
+ trace_fscache_cache(cache->debug_id, ref - 1, where);
if (zero) {
down_write(&fscache_addremove_sem);
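Review bot: the new trace_fscache_cache() argument reads cache->debug_id after __refcount_dec_and_test(&cache->ref, &ref) has already given up this caller's reference. When zero is false, another holder can drop the final reference and free the cache between those two lines, so the read is a potential use-after-free. Pass a value captured before the decrement instead of dereferencing cache in the trace call.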
--
2.43.0
Dan Carpenter <[email protected]> wrote:
> zero = __refcount_dec_and_test(&cache->ref, &ref);
> - trace_fscache_cache(debug_id, ref - 1, where);
> + trace_fscache_cache(cache->debug_id, ref - 1, where);

You can't do that if !zero. cache may be deallocated between the two lines.

David

On Wed, Jan 10, 2024 at 07:01:40PM +0000, David Howells wrote:
> Dan Carpenter <[email protected]> wrote:
>
> > zero = __refcount_dec_and_test(&cache->ref, &ref);
> > - trace_fscache_cache(debug_id, ref - 1, where);
> > + trace_fscache_cache(cache->debug_id, ref - 1, where);
>
> You can't do that if !zero. cache may be deallocated between the two lines.

Ah... Right. I misread what was going on in the latter part of the
function. Sorry, I'll resend.

regards,
dan carpenter