mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-14 04:26:45 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers/md
History
NeilBrown 079fa166a2 md/raid1,10: Remove use-after-free bug in make_request. 
A single request to RAID1 or RAID10 might result in multiple
requests if there are known bad blocks that need to be avoided.

To detect if we need to submit another write request we test:
 	if (sectors_handled < (bio->bi_size >> 9)) {

However this is after we call **_write_done() so the 'bio' no longer
belongs to us - the writes could have completed and the bio freed.

So move the **_write_done call until after the test against
bio->bi_size.

This addresses https://bugzilla.kernel.org/show_bug.cgi?id=41862

Reported-by: Bruno Wolff III <bruno@wolff.to>
Tested-by: Bruno Wolff III <bruno@wolff.to>
Signed-off-by: NeilBrown <neilb@suse.de>
2011-09-10 17:21:23 +10:00
..
bitmap.c MD bitmap: Revert DM dirty log hooks 2011-07-27 11:00:37 +10:00
bitmap.h MD bitmap: Revert DM dirty log hooks 2011-07-27 11:00:37 +10:00
dm-bio-record.h
dm-crypt.c dm crypt: optionally support discard requests 2011-08-02 12:32:08 +01:00
dm-delay.c dm: convert workqueues to alloc_ordered 2011-01-13 19:59:57 +00:00
dm-exception-store.c dm snapshot: test chunk size against both origin and snapshot 2010-08-12 04:13:51 +01:00
dm-exception-store.h dm snapshot: test chunk size against both origin and snapshot 2010-08-12 04:13:51 +01:00
dm-flakey.c dm flakey: add corrupt_bio_byte feature 2011-08-02 12:32:06 +01:00
dm-io.c dm io: flush cpu cache with vmapped io 2011-08-02 12:32:01 +01:00
dm-ioctl.c dm ioctl: forbid multiple device specifiers 2011-08-02 12:32:06 +01:00
dm-kcopyd.c dm snapshot: skip reading origin when overwriting complete chunk 2011-08-02 12:32:04 +01:00
dm-linear.c dm: use dm_target_offset macro 2010-08-12 04:14:11 +01:00
dm-log-userspace-base.c dm log: userspace use list_move 2011-08-02 12:32:02 +01:00
dm-log-userspace-transfer.c netlink: kill eff_cap from struct netlink_skb_parms 2011-03-03 13:32:07 -08:00
dm-log-userspace-transfer.h dm log: userspace add luid to distinguish between concurrent log instances 2009-09-04 20:40:34 +01:00
dm-log.c dm: use vzalloc 2011-08-02 12:32:02 +01:00
dm-mpath.c dm table: share target argument parsing functions 2011-08-02 12:32:04 +01:00
dm-mpath.h
dm-path-selector.c
dm-path-selector.h
dm-queue-length.c atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
dm-raid.c dm raid: add md raid1 support 2011-08-02 12:32:07 +01:00
dm-raid1.c dm kcopyd: return client directly and not through a pointer 2011-05-29 13:03:13 +01:00
dm-region-hash.c Fix common misspellings 2011-03-31 11:26:23 -03:00
dm-round-robin.c
dm-service-time.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
dm-snap-persistent.c dm snapshot: style cleanups 2011-08-02 12:32:03 +01:00
dm-snap-transient.c dm snapshot: move cow ref from exception store to snap core 2009-12-10 23:52:12 +00:00
dm-snap.c dm snapshot: skip reading origin when overwriting complete chunk 2011-08-02 12:32:04 +01:00
dm-stripe.c dm stripe: implement merge method 2011-03-24 13:54:35 +00:00
dm-sysfs.c Driver core: Constify struct sysfs_ops in struct kobj_type 2010-03-07 17:04:49 -08:00
dm-table.c dm table: set flush capability based on underlying devices 2011-08-02 12:32:08 +01:00
dm-target.c dm: error return error for discards 2010-08-12 04:14:14 +01:00
dm-uevent.c dm table: remove dm_get from dm_table_get_md 2010-03-06 02:29:52 +00:00
dm-uevent.h
dm-zero.c dm: zero silently drop discards 2010-08-12 04:14:12 +01:00
dm.c dm table: set flush capability based on underlying devices 2011-08-02 12:32:08 +01:00
dm.h dm: ignore merge_bvec for snapshots when safe 2011-08-02 12:32:04 +01:00
faulty.c Fix common misspellings 2011-03-31 11:26:23 -03:00
Kconfig dm raid: support metadata devices 2011-08-02 12:32:07 +01:00
linear.c md,rcu: Convert call_rcu(free_conf) to kfree_rcu() 2011-07-20 11:05:29 -07:00
linear.h md/linear: avoid corrupting structure while waiting for rcu_free to complete. 2011-08-25 14:43:53 +10:00
Makefile dm: add flakey target 2011-03-24 13:54:24 +00:00
md.c md: fix clearing of 'blocked' flag in the presence of bad blocks. 2011-08-30 16:20:17 +10:00
md.h md: make it easier to wait for bad blocks to be acknowledged. 2011-07-28 11:31:48 +10:00
multipath.c md: make error_handler functions more uniform and correct. 2011-05-11 14:38:44 +10:00
multipath.h md/multipath: discard ->working_disks in favour of ->degraded 2011-05-11 14:38:02 +10:00
raid0.c block: Require subsystems to explicitly allocate bio_set integrity mempool 2011-03-17 11:11:05 +01:00
raid0.h md: fix handling of array level takeover that re-arranges devices. 2010-06-24 13:33:24 +10:00
raid1.c md/raid1,10: Remove use-after-free bug in make_request. 2011-09-10 17:21:23 +10:00
raid1.h md/raid1: Handle write errors by updating badblock log. 2011-07-28 11:32:41 +10:00
raid5.c md/raid5: fix a hang on device failure. 2011-08-31 12:49:14 +10:00
raid5.h md/raid5: Clear bad blocks on successful write. 2011-07-28 11:39:23 +10:00
raid10.c md/raid1,10: Remove use-after-free bug in make_request. 2011-09-10 17:21:23 +10:00
raid10.h md/raid10: Handle write errors by updating badblock log. 2011-07-28 11:39:24 +10:00