| From stable-bounces@linux.kernel.org Tue Jul 31 00:47:46 2007 |
| From: Maik Hampel <m.hampel@gmx.de> |
| Date: Tue, 31 Jul 2007 00:37:57 -0700 |
| Subject: md: raid10: fix use-after-free of bio |
| To: torvalds@linux-foundation.org |
| Cc: neilb@suse.de, akpm@linux-foundation.org, m.hampel@gmx.de, stable@kernel.org |
| Message-ID: <200707310737.l6V7bvqd021934@imap1.linux-foundation.org> |
| |
| |
| From: Maik Hampel <m.hampel@gmx.de> |
| |
| In case of read errors raid10d tries to print a nice error message, |
| unfortunately using data from an already put bio. |
| |
| Signed-off-by: Maik Hampel <m.hampel@gmx.de> |
| Acked-By: NeilBrown <neilb@suse.de> |
| Signed-off-by: Andrew Morton <akpm@linux-foundation.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| |
| --- |
| drivers/md/raid10.c | 3 ++- |
| 1 file changed, 2 insertions(+), 1 deletion(-) |
| |
| --- a/drivers/md/raid10.c |
| +++ b/drivers/md/raid10.c |
| @@ -1565,7 +1565,6 @@ static void raid10d(mddev_t *mddev) |
| bio = r10_bio->devs[r10_bio->read_slot].bio; |
| r10_bio->devs[r10_bio->read_slot].bio = |
| mddev->ro ? IO_BLOCKED : NULL; |
| - bio_put(bio); |
| mirror = read_balance(conf, r10_bio); |
| if (mirror == -1) { |
| printk(KERN_ALERT "raid10: %s: unrecoverable I/O" |
| @@ -1573,8 +1572,10 @@ static void raid10d(mddev_t *mddev) |
| bdevname(bio->bi_bdev,b), |
| (unsigned long long)r10_bio->sector); |
| raid_end_bio_io(r10_bio); |
| + bio_put(bio); |
| } else { |
| const int do_sync = bio_sync(r10_bio->master_bio); |
| + bio_put(bio); |
| rdev = conf->mirrors[mirror].rdev; |
| if (printk_ratelimit()) |
| printk(KERN_ERR "raid10: %s: redirecting sector %llu to" |
