summaryrefslogtreecommitdiffstats
path: root/drivers/md/raid0.c
diff options
context:
space:
mode:
authorNeilBrown <neilb@suse.de>2011-09-10 09:21:23 +0200
committerNeilBrown <neilb@suse.de>2011-09-10 09:21:23 +0200
commit079fa166a2874985ae58b2e21e26e1cbc91127d4 (patch)
tree39f67f9078465bd67c29216b35370a78907e4f3b /drivers/md/raid0.c
parentmd/raid10: unify handling of write completion. (diff)
downloadlinux-079fa166a2874985ae58b2e21e26e1cbc91127d4.tar.xz
linux-079fa166a2874985ae58b2e21e26e1cbc91127d4.zip
md/raid1,10: Remove use-after-free bug in make_request.
A single request to RAID1 or RAID10 might result in multiple requests if there are known bad blocks that need to be avoided. To detect if we need to submit another write request we test: if (sectors_handled < (bio->bi_size >> 9)) { However this is after we call **_write_done() so the 'bio' no longer belongs to us - the writes could have completed and the bio freed. So move the **_write_done call until after the test against bio->bi_size. This addresses https://bugzilla.kernel.org/show_bug.cgi?id=41862 Reported-by: Bruno Wolff III <bruno@wolff.to> Tested-by: Bruno Wolff III <bruno@wolff.to> Signed-off-by: NeilBrown <neilb@suse.de>
Diffstat (limited to 'drivers/md/raid0.c')
0 files changed, 0 insertions, 0 deletions