In f2fs_submit_discard_endio, we wake up the waiter before the discard command's states are set, so the waiter may see incorrect states. Swap the order of complete() and the state updates to fix this issue.
Signed-off-by: Chao Yu <[email protected]>
---
v2: use wait_for_completion_io before releasing discard entry to avoid use-after-free.
 fs/f2fs/segment.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
index 24911c5679d6..ec19cfcfcd24 100644
--- a/fs/f2fs/segment.c
+++ b/fs/f2fs/segment.c
@@ -717,9 +717,9 @@ static void f2fs_submit_discard_endio(struct bio *bio)
 {
 struct discard_cmd *dc = (struct discard_cmd *)bio->bi_private;
- complete(&dc->wait);
 dc->error = bio->bi_error;
 dc->state = D_DONE;
+ complete(&dc->wait);
 bio_put(bio);
 }
@@ -807,8 +807,7 @@ void f2fs_wait_discard_bio(struct f2fs_sb_info *sbi, block_t blkaddr)
 list_for_each_entry_safe(dc, tmp, wait_list, list) {
 if (dc->lstart <= blkaddr && blkaddr < dc->lstart + dc->len) {
- if (dc->state == D_SUBMIT)
- wait_for_completion_io(&dc->wait);
+ wait_for_completion_io(&dc->wait);
 __punch_discard_cmd(sbi, dc, blkaddr);
 }
 }
@@ -868,8 +867,10 @@ static int issue_discard_thread(void *data)
 blk_finish_plug(&plug);
 list_for_each_entry_safe(dc, tmp, wait_list, list) {
- if (dc->state == D_DONE)
+ if (dc->state == D_DONE) {
+ wait_for_completion_io(&dc->wait);
 __remove_discard_cmd(sbi, dc);
+ }
 }
 mutex_unlock(&dcc->cmd_lock);
--
2.12.2.510.ge1104a5ee539
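Review bot: In f2fs_submit_discard_endio the wake-up is still a single `complete(&dc->wait)`, which satisfies exactly one wait, while this patch now waits on `dc->wait` in two places (f2fs_wait_discard_bio and issue_discard_thread). If a command can be waited on in f2fs_wait_discard_bio and still remain on `wait_list` afterwards (that depends on __punch_discard_cmd, which is outside the diff), the later wait in issue_discard_thread would never return and would apparently block with `cmd_lock` held. Consider `complete_all(&dc->wait);` here, or a comment stating that each command is waited on at most once. A short comment that `dc` must not be touched after the completion is signalled, because the waiter may free it, would also help.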
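Review bot: Dropping the `dc->state == D_SUBMIT` test in f2fs_wait_discard_bio makes the wait unconditional, so it is only safe if every entry on `wait_list` has had its bio submitted; an entry whose endio never runs would block this caller indefinitely. The hunk does not show how commands reach `wait_list`, so that invariant should be written down next to the call, e.g. `/* every dc on wait_list has a bio in flight or completed, so this wait always terminates */`. The function body starts and ends outside the hunk, so whether `cmd_lock` is held across the wait cannot be confirmed from here.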
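Review bot: The new `wait_for_completion_io(&dc->wait)` in issue_discard_thread looks redundant next to the `D_DONE` test and is likely to be dropped by a later cleanup unless its purpose is documented. Since the endio handler now sets `D_DONE` before calling complete(), this loop can see `D_DONE` while the handler is still using `dc->wait`, and `__remove_discard_cmd` presumably frees `dc`. I would add `/* endio sets D_DONE before complete(); wait so dc is not freed while endio still uses dc->wait */` above the wait. The `dc->state` test is also a plain read of a field the endio handler writes, apparently without taking `cmd_lock`; worth confirming that is intended. The loop sits inside a function body that extends beyond the hunk.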

