bcache: fix wrong usage use-after-freed on keylist in out_nocoalesce branch of btree_...

Elements of keylist should be accessed before the list is freed.
Move bch_keylist_free() calling after the while loop to avoid wrong
content accessed.

Signed-off-by: Shenghui Wang <shhuiw@foxmail.com>
Signed-off-by: Coly Li <colyli@suse.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c
index 64def336f0532a91b5da500c77c3c8de38b7ee37..b139858b08028835964d1af7145d2df623a78cf0 100644 (file)
--- a/drivers/md/bcache/btree.c
+++ b/drivers/md/bcache/btree.c
@@ -1476,11 +1476,11 @@ static int btree_gc_coalesce(struct btree *b, struct btree_op *op,
 
 out_nocoalesce:
        closure_sync(&cl);
-       bch_keylist_free(&keylist);
 
        while ((k = bch_keylist_pop(&keylist)))
                if (!bkey_cmp(k, &ZERO_KEY))
                        atomic_dec(&b->c->prio_blocked);
+       bch_keylist_free(&keylist);
 
        for (i = 0; i < nodes; i++)
                if (!IS_ERR_OR_NULL(new_nodes[i])) {