From 67f80d813ce3ba1a8ddacdfffb81b1a382da6df5 Mon Sep 17 00:00:00 2001
From: Jan Musial <jan.musial@intel.com>
Date: Tue, 6 Apr 2021 12:19:08 +0200
Subject: [PATCH] Avoid nullptr dereference in ocf_io_put

Signed-off-by: Jan Musial <jan.musial@intel.com>
---
 src/ocf_io.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/ocf_io.c b/src/ocf_io.c
index 5b85449..e580e9f 100644
--- a/src/ocf_io.c
+++ b/src/ocf_io.c
@@ -149,13 +149,17 @@ void ocf_io_get(struct ocf_io *io)
 void ocf_io_put(struct ocf_io *io)
 {
 	struct ocf_io_internal *ioi = ocf_io_get_internal(io);
+	struct ocf_volume *volume;
 
 	if (env_atomic_dec_return(&ioi->meta.ref_count))
 		return;
 
-	ocf_refcnt_dec(&ioi->meta.volume->refcnt);
+	/* Hold volume reference to avoid use after free of ioi */
+	volume = ioi->meta.volume;
 
 	ocf_io_allocator_del(&ioi->meta.volume->type->allocator, (void *)ioi);
+
+	ocf_refcnt_dec(&volume->refcnt);
 }
 
 ocf_volume_t ocf_io_get_volume(struct ocf_io *io)