From: NeilBrown <neilb@suse.de>
To: Andrew Morton <akpm@osdl.org>
Cc: linux-raid@vger.kernel.org
Subject: [PATCH md 001 of 20] Fix a use-after-free bug in raid1
Date: Mon, 12 Dec 2005 14:10:17 +1100 [thread overview]
Message-ID: <1051212031017.4861@suse.de> (raw)
In-Reply-To: 20051212135705.4561.patches@notabene
Who would submit code with a FIXME like that in it !!!!
Signed-off-by: Neil Brown <neilb@suse.de>
### Diffstat output
./drivers/md/raid1.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff ./drivers/md/raid1.c~current~ ./drivers/md/raid1.c
--- ./drivers/md/raid1.c~current~ 2005-12-12 10:45:16.000000000 +1100
+++ ./drivers/md/raid1.c 2005-12-12 10:45:22.000000000 +1100
@@ -323,7 +323,6 @@ static int raid1_end_write_request(struc
* this branch is our 'one mirror IO has finished' event handler:
*/
r1_bio->bios[mirror] = NULL;
- bio_put(bio);
if (!uptodate) {
md_error(r1_bio->mddev, conf->mirrors[mirror].rdev);
/* an I/O failed, we can't clear the bitmap */
@@ -380,7 +379,6 @@ static int raid1_end_write_request(struc
}
if (test_bit(R1BIO_BehindIO, &r1_bio->state)) {
/* free extra copy of the data pages */
-/* FIXME bio has been freed!!! */
int i = bio->bi_vcnt;
while (i--)
put_page(bio->bi_io_vec[i].bv_page);
@@ -394,6 +392,9 @@ static int raid1_end_write_request(struc
raid_end_bio_io(r1_bio);
}
+ if (r1_bio->bios[mirror]==NULL)
+ bio_put(bio);
+
rdev_dec_pending(conf->mirrors[mirror].rdev, conf->mddev);
return 0;
}
next prev parent reply other threads:[~2005-12-12 3:10 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-12-12 3:10 [PATCH md 000 of 20] Introduction NeilBrown
2005-12-12 3:10 ` NeilBrown [this message]
2005-12-12 3:10 ` [PATCH md 002 of 20] Use correct size of raid5 stripe cache when measuring how full it is NeilBrown
2005-12-12 3:10 ` [PATCH md 003 of 20] Define and use safe_put_page for md NeilBrown
2005-12-12 3:13 ` [PATCH md 004 of 20] Helper function to match commands written to sysfs files NeilBrown
2005-12-12 3:14 ` [PATCH md 005 of 20] Fix typo in comment NeilBrown
2005-12-12 3:14 ` [PATCH md 006 of 20] Make a couple of names in md.c static NeilBrown
2005-12-12 3:14 ` [PATCH md 007 of 20] Make sure bitmap updates are visible through filesystem NeilBrown
2005-12-12 3:14 ` [PATCH md 008 of 20] Fix rdev->pending counts in raid1 NeilBrown
2005-12-12 3:14 ` [PATCH md 009 of 20] Allow chunk_size to be settable through sysfs NeilBrown
2005-12-12 3:15 ` [PATCH md 010 of 20] Allow md array component size to be accessed and set via sysfs NeilBrown
2005-12-12 3:15 ` [PATCH md 011 of 20] Expose md metadata format in sysfs NeilBrown
2005-12-12 3:15 ` [PATCH md 012 of 20] Allow array level to be set textually via sysfs NeilBrown
2005-12-12 3:15 ` [PATCH md 013 of 20] Count corrected read errors per drive NeilBrown
2005-12-12 10:07 ` Andrew Morton
2005-12-12 3:15 ` [PATCH md 014 of 20] Allow md/raid_disks to be settable NeilBrown
2005-12-12 3:15 ` [PATCH md 015 of 20] Keep better track of dev/array size when assembling md arrays NeilBrown
2005-12-12 3:15 ` [PATCH md 016 of 20] Expose device slot information via sysfs NeilBrown
2005-12-12 3:15 ` [PATCH md 017 of 20] Export rdev->data_offset " NeilBrown
2005-12-12 3:15 ` [PATCH md 018 of 20] Allow available size of component devices to be set " NeilBrown
2005-12-12 3:15 ` [PATCH md 019 of 20] Support adding new devices to md arrays " NeilBrown
2005-12-12 3:15 ` [PATCH md 020 of 20] Allow sync-speed to be controlled per-device NeilBrown
2005-12-12 11:30 ` Jeff Breidenbach
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1051212031017.4861@suse.de \
--to=neilb@suse.de \
--cc=akpm@osdl.org \
--cc=linux-raid@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).