Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 14e71344 authored by Maik Hampel's avatar Maik Hampel Committed by Linus Torvalds
Browse files

md: raid10: fix use-after-free of bio 



In case of read errors raid10d tries to print a nice error message,
unfortunately using data from an already put bio.

Signed-off-by: default avatarMaik Hampel <m.hampel@gmx.de>
Acked-By: default avatarNeilBrown <neilb@suse.de>
Cc: <stable@kernel.org>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent bfe0d686

drivers/md/raid10.c

+2 −1
Original line number Original line Diff line number Diff line
@@ -1557,7 +1557,6 @@ static void raid10d(mddev_t *mddev) 
			bio = r10_bio->devs[r10_bio->read_slot].bio;

			bio = r10_bio->devs[r10_bio->read_slot].bio;

			r10_bio->devs[r10_bio->read_slot].bio =

			r10_bio->devs[r10_bio->read_slot].bio =

				mddev->ro ? IO_BLOCKED : NULL;

				mddev->ro ? IO_BLOCKED : NULL;

			bio_put(bio);

			mirror = read_balance(conf, r10_bio);

			mirror = read_balance(conf, r10_bio);

			if (mirror == -1) {

			if (mirror == -1) {

				printk(KERN_ALERT "raid10: %s: unrecoverable I/O"

				printk(KERN_ALERT "raid10: %s: unrecoverable I/O"
@@ -1565,8 +1564,10 @@ static void raid10d(mddev_t *mddev) 
				       bdevname(bio->bi_bdev,b),

				       bdevname(bio->bi_bdev,b),

				       (unsigned long long)r10_bio->sector);

				       (unsigned long long)r10_bio->sector);

				raid_end_bio_io(r10_bio);

				raid_end_bio_io(r10_bio);

				bio_put(bio);

			} else {

			} else {

				const int do_sync = bio_sync(r10_bio->master_bio);

				const int do_sync = bio_sync(r10_bio->master_bio);

				bio_put(bio);

				rdev = conf->mirrors[mirror].rdev;

				rdev = conf->mirrors[mirror].rdev;

				if (printk_ratelimit())

				if (printk_ratelimit())

					printk(KERN_ERR "raid10: %s: redirecting sector %llu to"

					printk(KERN_ERR "raid10: %s: redirecting sector %llu to"