git.baikalelectronics.ru Git - kernel.git/commit
md/raid1,10: Remove use-after-free bug in make_request.
author: NeilBrown <neilb@suse.de>, Sat, 10 Sep 2011 07:21:23 +0000 (17:21 +1000)
committer: NeilBrown <neilb@suse.de>, Sat, 10 Sep 2011 07:21:23 +0000 (17:21 +1000)
commit: 5b30703881e717409db9b0bc8f8590b434937386
tree: 39f67f9078465bd67c29216b35370a78907e4f3b
parent: 3d1f37bb9a50e45f958049db1404f87c8c83e0bc
md/raid1,10: Remove use-after-free bug in make_request.

A single request to RAID1 or RAID10 might result in multiple
requests if there are known bad blocks that need to be avoided.

To detect if we need to submit another write request we test:
  if (sectors_handled < (bio->bi_size >> 9)) {

However this is after we call **_write_done() so the 'bio' no longer
belongs to us - the writes could have completed and the bio freed.

So move the **_write_done call until after the test against
bio->bi_size.

This addresses https://bugzilla.kernel.org/show_bug.cgi?id=41862

Reported-by: Bruno Wolff III <bruno@wolff.to>
Tested-by: Bruno Wolff III <bruno@wolff.to>
Signed-off-by: NeilBrown <neilb@suse.de>
drivers/md/raid1.c
drivers/md/raid10.c
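
The ordering problem described in the commit message, modelled in user space as an added example (not code from the kernel or from this commit). `toy_bio`, `toy_write_done` and the other names are hypothetical; the "free" only poisons the size field, so the stale read can be counted without undefined behaviour.

```c
#include <stdbool.h>
#include <stdio.h>
struct toy_bio {          /* hypothetical stand-in, not the kernel's struct bio */
    unsigned int size;    /* bytes, plays the role of bio->bi_size */
    int remaining;        /* outstanding references; 0 means no longer ours */
};
static int stale_reads;   /* reads made after the last reference was dropped */

static unsigned int toy_bio_size(const struct toy_bio *b)
{
    stale_reads += (b->remaining == 0);
    return b->size;
}

/* Drop our reference; the last put "frees" (here: poisons) the bio. */
static void toy_write_done(struct toy_bio *b)
{
    if (--b->remaining == 0)
        b->size = 0xdeadbeef;
}

/* Order before the fix: release first, then test the size. */
static bool more_needed_before(struct toy_bio *b, unsigned int sectors_handled)
{
    toy_write_done(b);
    return sectors_handled < (toy_bio_size(b) >> 9);
}

/* Order after the fix: test the size while our reference is still held. */
static bool more_needed_after(struct toy_bio *b, unsigned int sectors_handled)
{
    bool more = sectors_handled < (toy_bio_size(b) >> 9);
    toy_write_done(b);
    return more;
}

/* Constructed case: 8-sector bio, all 8 sectors handled, ours is the last reference. */
static bool demo(bool fixed)
{
    struct toy_bio b = { .size = 8 << 9, .remaining = 1 };
    stale_reads = 0;
    return fixed ? more_needed_after(&b, 8) : more_needed_before(&b, 8);
}
int main(void)
{
    for (int fixed = 0; fixed <= 1; fixed++) {
        bool more = demo(fixed);
        printf("fixed=%d more_needed=%d stale_reads=%d\n", fixed, more, stale_reads);
    }
    return 0;
}
```

With the release-first order, the size test runs on poisoned data and wrongly reports that another request is needed; in the kernel the same read would touch memory that may already have been freed and reused.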