aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMaik Hampel <m.hampel@gmx.de>2007-07-31 00:37:57 -0700
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-07-31 15:39:38 -0700
commit14e713446aaca97dbe590fe845f7dcbd74ddbee2 (patch)
tree530c21e7a5c7fa890193765f235dd9360fc54eed
parentbfe0d6867e36f46836d2c3755fa8b9ef8cf143ba (diff)
downloadkernel_samsung_crespo-14e713446aaca97dbe590fe845f7dcbd74ddbee2.zip
kernel_samsung_crespo-14e713446aaca97dbe590fe845f7dcbd74ddbee2.tar.gz
kernel_samsung_crespo-14e713446aaca97dbe590fe845f7dcbd74ddbee2.tar.bz2
md: raid10: fix use-after-free of bio
In case of read errors raid10d tries to print a nice error message, unfortunately using data from an already put bio. Signed-off-by: Maik Hampel <m.hampel@gmx.de> Acked-By: NeilBrown <neilb@suse.de> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--drivers/md/raid10.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
index f730a14..0c97bf4 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -1557,7 +1557,6 @@ static void raid10d(mddev_t *mddev)
bio = r10_bio->devs[r10_bio->read_slot].bio;
r10_bio->devs[r10_bio->read_slot].bio =
mddev->ro ? IO_BLOCKED : NULL;
- bio_put(bio);
mirror = read_balance(conf, r10_bio);
if (mirror == -1) {
printk(KERN_ALERT "raid10: %s: unrecoverable I/O"
@@ -1565,8 +1564,10 @@ static void raid10d(mddev_t *mddev)
bdevname(bio->bi_bdev,b),
(unsigned long long)r10_bio->sector);
raid_end_bio_io(r10_bio);
+ bio_put(bio);
} else {
const int do_sync = bio_sync(r10_bio->master_bio);
+ bio_put(bio);
rdev = conf->mirrors[mirror].rdev;
if (printk_ratelimit())
printk(KERN_ERR "raid10: %s: redirecting sector %llu to"