Btrfs: fix use after free in O_DIRECT This fixes a bug where we use dip after we have freed it. Instead just use the file_offset that was passed to the function. Thanks, Signed-off-by: Josef Bacik <josef@redhat.com>

commit: 955256f2c3e25c94ad373c43fbc38d2ac8af2a71 [log] [tgz]
author: Josef Bacik <josef@redhat.com> Fri Nov 19 09:41:10 2010 -0500
committer: Josef Bacik <josef@redhat.com> Thu Dec 09 13:57:10 2010 -0500
tree: f8a6074a34e988e613eb308d4aeb91fd8fb2e968
parent: 5a92bc88cef279261d3f138e25850c122df67045 [diff] [blame]
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 0f34cae..ae6c0d1 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c

@@ -5934,8 +5934,7 @@
 	 */
 	if (write) {
 		struct btrfs_ordered_extent *ordered;
-		ordered = btrfs_lookup_ordered_extent(inode,
-						      dip->logical_offset);
+		ordered = btrfs_lookup_ordered_extent(inode, file_offset);
 		if (!test_bit(BTRFS_ORDERED_PREALLOC, &ordered->flags) &&
 		    !test_bit(BTRFS_ORDERED_NOCOW, &ordered->flags))
 			btrfs_free_reserved_extent(root, ordered->start,
commit	955256f2c3e25c94ad373c43fbc38d2ac8af2a71	[log] [tgz]
author	Josef Bacik <josef@redhat.com>	Fri Nov 19 09:41:10 2010 -0500
committer	Josef Bacik <josef@redhat.com>	Thu Dec 09 13:57:10 2010 -0500
tree	f8a6074a34e988e613eb308d4aeb91fd8fb2e968
parent	5a92bc88cef279261d3f138e25850c122df67045 [diff] [blame]