lightnvm: pblk: fix use-after-free bug

Remove one of the calls to function bio_put(), so *bio* is only
freed once.

Notice that bio is being dereferenced in bio_put(), hence leading to
a use-after-free bug once *bio* has already been freed.

Addresses-Coverity-ID: 1475952 ("Use after free")
Fixes: 55d8ec35398e ("lightnvm: pblk: support packed metadata")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/drivers/lightnvm/pblk-recovery.c b/drivers/lightnvm/pblk-recovery.c
index 3fcf062d752cfe3cfed93102a97ba9f78bc5c2c4..5ee20da7bdb3d7a0f5d52ebef06afb51d191f722 100644 (file)
--- a/drivers/lightnvm/pblk-recovery.c
+++ b/drivers/lightnvm/pblk-recovery.c
@@ -418,7 +418,6 @@ retry_rq:
        if (ret) {
                pblk_err(pblk, "I/O submission failed: %d\n", ret);
                bio_put(bio);
-               bio_put(bio);
                return ret;
        }