f2fs: fix wrong pointer access during try_to_free_nids

If we release the lock in list_for_each_entry_safe, we can lose the tmp
pointer by alloc_nid.

Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>

diff --git a/fs/f2fs/node.c b/fs/f2fs/node.c
index 777066d29fa80e619fe5ca21960af01b81b5f4e1..0867325e288fcea5daa27f2f1d3238c879f4262b 100644 (file)
--- a/fs/f2fs/node.c
+++ b/fs/f2fs/node.c
@@ -1664,11 +1664,9 @@ int try_to_free_nids(struct f2fs_sb_info *sbi, int nr_shrink)
                if (i->state == NID_ALLOC)
                        continue;
                __del_from_free_nid_list(nm_i, i);
-               nm_i->fcnt--;
-               spin_unlock(&nm_i->free_nid_list_lock);
                kmem_cache_free(free_nid_slab, i);
+               nm_i->fcnt--;
                nr_shrink--;
-               spin_lock(&nm_i->free_nid_list_lock);
        }
        spin_unlock(&nm_i->free_nid_list_lock);
        mutex_unlock(&nm_i->build_lock);