diff options
| author | Maik Hampel <m.hampel@gmx.de> | 2007-07-31 03:37:57 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-07-31 18:39:38 -0400 |
| commit | 14e713446aaca97dbe590fe845f7dcbd74ddbee2 (patch) | |
| tree | 530c21e7a5c7fa890193765f235dd9360fc54eed | |
| parent | bfe0d6867e36f46836d2c3755fa8b9ef8cf143ba (diff) | |
md: raid10: fix use-after-free of bio
In case of read errors raid10d tries to print a nice error message,
unfortunately using data from an already put bio.
Signed-off-by: Maik Hampel <m.hampel@gmx.de>
Acked-By: NeilBrown <neilb@suse.de>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| -rw-r--r-- | drivers/md/raid10.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c index f730a144baf1..0c97bf4f686e 100644 --- a/drivers/md/raid10.c +++ b/drivers/md/raid10.c | |||
| @@ -1557,7 +1557,6 @@ static void raid10d(mddev_t *mddev) | |||
| 1557 | bio = r10_bio->devs[r10_bio->read_slot].bio; | 1557 | bio = r10_bio->devs[r10_bio->read_slot].bio; |
| 1558 | r10_bio->devs[r10_bio->read_slot].bio = | 1558 | r10_bio->devs[r10_bio->read_slot].bio = |
| 1559 | mddev->ro ? IO_BLOCKED : NULL; | 1559 | mddev->ro ? IO_BLOCKED : NULL; |
| 1560 | bio_put(bio); | ||
| 1561 | mirror = read_balance(conf, r10_bio); | 1560 | mirror = read_balance(conf, r10_bio); |
| 1562 | if (mirror == -1) { | 1561 | if (mirror == -1) { |
| 1563 | printk(KERN_ALERT "raid10: %s: unrecoverable I/O" | 1562 | printk(KERN_ALERT "raid10: %s: unrecoverable I/O" |
| @@ -1565,8 +1564,10 @@ static void raid10d(mddev_t *mddev) | |||
| 1565 | bdevname(bio->bi_bdev,b), | 1564 | bdevname(bio->bi_bdev,b), |
| 1566 | (unsigned long long)r10_bio->sector); | 1565 | (unsigned long long)r10_bio->sector); |
| 1567 | raid_end_bio_io(r10_bio); | 1566 | raid_end_bio_io(r10_bio); |
| 1567 | bio_put(bio); | ||
| 1568 | } else { | 1568 | } else { |
| 1569 | const int do_sync = bio_sync(r10_bio->master_bio); | 1569 | const int do_sync = bio_sync(r10_bio->master_bio); |
| 1570 | bio_put(bio); | ||
| 1570 | rdev = conf->mirrors[mirror].rdev; | 1571 | rdev = conf->mirrors[mirror].rdev; |
| 1571 | if (printk_ratelimit()) | 1572 | if (printk_ratelimit()) |
| 1572 | printk(KERN_ERR "raid10: %s: redirecting sector %llu to" | 1573 | printk(KERN_ERR "raid10: %s: redirecting sector %llu to" |