Commit 058bfc1c authored by Maik Hampel's avatar Maik Hampel Committed by Greg Kroah-Hartman

md: raid10: fix use-after-free of bio

In case of read errors raid10d tries to print a nice error message,
unfortunately using data from an already put bio.
Signed-off-by: default avatarMaik Hampel <m.hampel@gmx.de>
Acked-By: default avatarNeilBrown <neilb@suse.de>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
parent 1eb34652
...@@ -1565,7 +1565,6 @@ static void raid10d(mddev_t *mddev) ...@@ -1565,7 +1565,6 @@ static void raid10d(mddev_t *mddev)
bio = r10_bio->devs[r10_bio->read_slot].bio; bio = r10_bio->devs[r10_bio->read_slot].bio;
r10_bio->devs[r10_bio->read_slot].bio = r10_bio->devs[r10_bio->read_slot].bio =
mddev->ro ? IO_BLOCKED : NULL; mddev->ro ? IO_BLOCKED : NULL;
bio_put(bio);
mirror = read_balance(conf, r10_bio); mirror = read_balance(conf, r10_bio);
if (mirror == -1) { if (mirror == -1) {
printk(KERN_ALERT "raid10: %s: unrecoverable I/O" printk(KERN_ALERT "raid10: %s: unrecoverable I/O"
...@@ -1573,8 +1572,10 @@ static void raid10d(mddev_t *mddev) ...@@ -1573,8 +1572,10 @@ static void raid10d(mddev_t *mddev)
bdevname(bio->bi_bdev,b), bdevname(bio->bi_bdev,b),
(unsigned long long)r10_bio->sector); (unsigned long long)r10_bio->sector);
raid_end_bio_io(r10_bio); raid_end_bio_io(r10_bio);
bio_put(bio);
} else { } else {
const int do_sync = bio_sync(r10_bio->master_bio); const int do_sync = bio_sync(r10_bio->master_bio);
bio_put(bio);
rdev = conf->mirrors[mirror].rdev; rdev = conf->mirrors[mirror].rdev;
if (printk_ratelimit()) if (printk_ratelimit())
printk(KERN_ERR "raid10: %s: redirecting sector %llu to" printk(KERN_ERR "raid10: %s: redirecting sector %llu to"
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment