From 45cec0de6c8973660da279e44b24d37af49daeb6 Mon Sep 17 00:00:00 2001 From: Christoph Hellwig Date: Mon, 26 Jan 2026 06:53:42 +0100 Subject: [PATCH] iomap: free the bio before completing the dio There are good arguments for processing the user completions ASAP vs. freeing resources ASAP, but freeing the bio first here removes potential use after free hazards when checking flags, and will simplify the upcoming bounce buffer support. Signed-off-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Reviewed-by: Darrick J. Wong Tested-by: Anuj Gupta Reviewed-by: Damien Le Moal Signed-off-by: Jens Axboe --- fs/iomap/direct-io.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/fs/iomap/direct-io.c b/fs/iomap/direct-io.c index c1d5db85c8c78..d4d52775ce256 100644 --- a/fs/iomap/direct-io.c +++ b/fs/iomap/direct-io.c @@ -214,7 +214,15 @@ static void iomap_dio_done(struct iomap_dio *dio) static void __iomap_dio_bio_end_io(struct bio *bio, bool inline_completion) { struct iomap_dio *dio = bio->bi_private; - bool should_dirty = (dio->flags & IOMAP_DIO_DIRTY); + + if (dio->flags & IOMAP_DIO_DIRTY) { + bio_check_pages_dirty(bio); + } else { + bio_release_pages(bio, false); + bio_put(bio); + } + + /* Do not touch bio below, we just gave up our reference. */ if (atomic_dec_and_test(&dio->ref)) { /* @@ -225,13 +233,6 @@ static void __iomap_dio_bio_end_io(struct bio *bio, bool inline_completion) dio->flags &= ~IOMAP_DIO_COMP_WORK; iomap_dio_done(dio); } - - if (should_dirty) { - bio_check_pages_dirty(bio); - } else { - bio_release_pages(bio, false); - bio_put(bio); - } } void iomap_dio_bio_end_io(struct bio *bio) -- 2.47.3