summaryrefslogtreecommitdiffstats
path: root/drivers/md/raid1.c
diff options
context:
space:
mode:
authorShaohua Li <shli@fb.com>2017-02-20 07:41:27 +0100
committerShaohua Li <shli@fb.com>2017-02-20 07:41:27 +0100
commitaf5f42a7e426a87bfa69adc9b9d8930385a1ddf6 (patch)
treeb8c9f89049ad59d48251737800f8d7c70830fec6 /drivers/md/raid1.c
parentRAID1: avoid unnecessary spin locks in I/O barrier code (diff)
downloadlinux-af5f42a7e426a87bfa69adc9b9d8930385a1ddf6.tar.xz
linux-af5f42a7e426a87bfa69adc9b9d8930385a1ddf6.zip
md/raid1: fix a use-after-free bug
Commit fd76863 (RAID1: a new I/O barrier implementation to remove resync window) introduces a user-after-free bug. Signed-off-by: Shaohua Li <shli@fb.com>
Diffstat (limited to 'drivers/md/raid1.c')
-rw-r--r--drivers/md/raid1.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
index fefbbfdb440b..2e5e4805cbe1 100644
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
@@ -203,6 +203,7 @@ static void free_r1bio(struct r1bio *r1_bio)
static void put_buf(struct r1bio *r1_bio)
{
struct r1conf *conf = r1_bio->mddev->private;
+ sector_t sect = r1_bio->sector;
int i;
for (i = 0; i < conf->raid_disks * 2; i++) {
@@ -213,7 +214,7 @@ static void put_buf(struct r1bio *r1_bio)
mempool_free(r1_bio, conf->r1buf_pool);
- lower_barrier(conf, r1_bio->sector);
+ lower_barrier(conf, sect);
}
static void reschedule_retry(struct r1bio *r1_bio)