]> git.karo-electronics.de Git - karo-tx-linux.git/commitdiff
[PATCH] md: raid10: fix use-after-free of bio
authorMaik Hampel <m.hampel@gmx.de>
Tue, 31 Jul 2007 07:37:57 +0000 (00:37 -0700)
committerWilly Tarreau <w@1wt.eu>
Sat, 25 Aug 2007 15:24:07 +0000 (17:24 +0200)
In case of read errors raid10d tries to print a nice error message,
unfortunately using data from an already put bio.

Signed-off-by: Maik Hampel <m.hampel@gmx.de>
Acked-By: NeilBrown <neilb@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Willy Tarreau <w@1wt.eu>
drivers/md/raid10.c

index fb5d9c6e9de020a27b9bac5abe295bd7ef755b38..e0029ea92dbd60c3fad2bbab9563b4238b1d81e7 100644 (file)
@@ -1565,7 +1565,6 @@ static void raid10d(mddev_t *mddev)
                        bio = r10_bio->devs[r10_bio->read_slot].bio;
                        r10_bio->devs[r10_bio->read_slot].bio =
                                mddev->ro ? IO_BLOCKED : NULL;
-                       bio_put(bio);
                        mirror = read_balance(conf, r10_bio);
                        if (mirror == -1) {
                                printk(KERN_ALERT "raid10: %s: unrecoverable I/O"
@@ -1573,8 +1572,10 @@ static void raid10d(mddev_t *mddev)
                                       bdevname(bio->bi_bdev,b),
                                       (unsigned long long)r10_bio->sector);
                                raid_end_bio_io(r10_bio);
+                               bio_put(bio);
                        } else {
                                const int do_sync = bio_sync(r10_bio->master_bio);
+                               bio_put(bio);
                                rdev = conf->mirrors[mirror].rdev;
                                if (printk_ratelimit())
                                        printk(KERN_ERR "raid10: %s: redirecting sector %llu to"