From: Omar Sandoval <osandov@fb.com>
Date: Mon, 16 Sep 2019 18:30:56 +0000 (-0700)
Subject: btrfs: don't prematurely free work in scrub_missing_raid56_worker()
X-Git-Tag: v4.19.92~32
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=bf9011c766b654bcdceae0dc1a599ac20c7da1bf;p=thirdparty%2Fkernel%2Fstable.git

btrfs: don't prematurely free work in scrub_missing_raid56_worker()

[ Upstream commit 57d4f0b863272ba04ba85f86bfdc0f976f0af91c ]

Currently, scrub_missing_raid56_worker() puts and potentially frees
sblock (which embeds the work item) and then submits a bio through
scrub_wr_submit(). This is another potential instance of the bug in
"btrfs: don't prematurely free work in run_ordered_work()". Fix it by
dropping the reference after we submit the bio.

Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Omar Sandoval <osandov@fb.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c
index 916c397704679..6b6008db3e03d 100644
--- a/fs/btrfs/scrub.c
+++ b/fs/btrfs/scrub.c
@@ -2145,14 +2145,13 @@ static void scrub_missing_raid56_worker(struct btrfs_work *work)
 		scrub_write_block_to_dev_replace(sblock);
 	}
 
-	scrub_block_put(sblock);
-
 	if (sctx->is_dev_replace && sctx->flush_all_writes) {
 		mutex_lock(&sctx->wr_lock);
 		scrub_wr_submit(sctx);
 		mutex_unlock(&sctx->wr_lock);
 	}
 
+	scrub_block_put(sblock);
 	scrub_pending_bio_dec(sctx);
 }