linux/drivers/md
Yufen Yu 01a69cab01 md raid10: fix NULL deference in handle_write_completed()
In the case of 'recover', an r10bio with R10BIO_WriteError &
R10BIO_IsRecover will be progressed by handle_write_completed().
This function traverses all r10bio->devs[copies].
If devs[m].repl_bio != NULL, it thinks conf->mirrors[dev].replacement
is also not NULL. However, this is not always true.

When an rdev of raid10 has a replacement, each r10bio
->devs[m].repl_bio != NULL in conf->r10buf_pool. However, in 'recover',
even if the corresponding replacement is NULL, it doesn't clear r10bio
->devs[m].repl_bio, resulting in a replacement NULL dereference.

This bug was introduced when replacement support for raid10 was
added in Linux 3.3.

As NeilBrown suggested:
	Elsewhere the determination of "is this device part of the
	resync/recovery" is made by testing bio->bi_end_io.
	If this is end_sync_write, then we tried to write here.
	If it is NULL, then we didn't try to write.

Fixes: 9ad1aefc8a ("md/raid10:  Handle replacement devices during resync.")
Cc: stable (V3.3+)
Suggested-by: NeilBrown <neilb@suse.com>
Signed-off-by: Yufen Yu <yuyufen@huawei.com>
Signed-off-by: Shaohua Li <sh.li@alibaba-inc.com>
2018-02-19 09:40:36 -08:00
bcache bcache: fix for data collapse after re-attaching an attached device 2018-02-07 12:50:01 -07:00
persistent-data dm btree: fix serious bug in btree_split_beneath() 2018-01-17 09:07:55 -05:00
dm-bio-prison-v1.c
dm-bio-prison-v1.h
dm-bio-prison-v2.c
dm-bio-prison-v2.h
dm-bio-record.h
dm-bufio.c dm bufio: eliminate unnecessary labels in dm_bufio_client_create() 2018-01-17 09:16:04 -05:00
dm-bufio.h
dm-builtin.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
dm-cache-background-tracker.c dm cache background tracker: limit amount of background work that may be issued at once 2017-11-10 15:45:03 -05:00
dm-cache-background-tracker.h
dm-cache-block-types.h
dm-cache-metadata.c
dm-cache-metadata.h
dm-cache-policy-internal.h
dm-cache-policy-smq.c dm cache policy smq: allocate cache blocks in order 2017-11-10 15:45:05 -05:00
dm-cache-policy.c
dm-cache-policy.h
dm-cache-target.c dm: fix various targets to dm_register_target after module __init resources created 2017-12-04 10:23:10 -05:00
dm-core.h dm: various cleanups to md->queue initialization code 2018-01-29 13:44:55 -05:00
dm-crypt.c - DM core fixes to ensure that bio submission follows a depth-first tree 2018-01-31 11:05:47 -08:00
dm-delay.c dm: backfill missing calls to mutex_destroy() 2018-01-17 09:16:15 -05:00
dm-era-target.c dm: do not set 'discards_supported' in targets that do not need it 2017-11-16 16:33:54 -05:00
dm-exception-store.c
dm-exception-store.h
dm-flakey.c dm flakey: check for null arg_name in parse_features() 2018-01-17 09:16:13 -05:00
dm-integrity.c dm integrity: don't store cipher request on the stack 2018-01-17 09:08:57 -05:00
dm-io.c dm io: remove BIOSET_NEED_RESCUER flag from bios bioset 2017-12-13 12:15:56 -05:00
dm-ioctl.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
dm-kcopyd.c dm: backfill missing calls to mutex_destroy() 2018-01-17 09:16:15 -05:00
dm-linear.c
dm-log-userspace-base.c
dm-log-userspace-transfer.c
dm-log-userspace-transfer.h
dm-log-writes.c dm log writes: fix max length used for kstrndup 2018-01-17 09:16:16 -05:00
dm-log.c
dm-mpath.c - DM core fixes to ensure that bio submission follows a depth-first tree 2018-01-31 11:05:47 -08:00
dm-mpath.h
dm-path-selector.c
dm-path-selector.h
dm-queue-length.c dm mpath selector: more evenly distribute ties 2018-01-29 13:44:58 -05:00
dm-raid1.c md: Convert timers to use timer_setup() 2017-11-14 20:11:57 -07:00
dm-raid.c - DM core fixes to ensure that bio submission follows a depth-first tree 2018-01-31 11:05:47 -08:00
dm-region-hash.c
dm-round-robin.c
dm-rq.c for-linus-20180204 2018-02-04 11:16:35 -08:00
dm-rq.h
dm-service-time.c dm mpath selector: more evenly distribute ties 2018-01-29 13:44:58 -05:00
dm-snap-persistent.c
dm-snap-transient.c
dm-snap.c dm snapshot: use mutex instead of rw_semaphore 2018-01-17 09:16:14 -05:00
dm-stats.c dm: backfill missing calls to mutex_destroy() 2018-01-17 09:16:15 -05:00
dm-stats.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
dm-stripe.c
dm-switch.c
dm-sysfs.c
dm-table.c dm table: fix NVMe bio-based dm_table_determine_type() validation 2018-01-29 13:44:56 -05:00
dm-target.c
dm-thin-metadata.c dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6 2018-01-17 09:07:54 -05:00
dm-thin-metadata.h
dm-thin.c dm thin: fix trailing semicolon in __remap_and_issue_shared_cell 2018-01-29 13:44:57 -05:00
dm-uevent.c
dm-uevent.h
dm-unstripe.c dm unstripe: fix target length versus number of stripes size check 2018-01-29 13:44:58 -05:00
dm-verity-fec.c
dm-verity-fec.h
dm-verity-target.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2017-11-14 10:52:09 -08:00
dm-verity.h dm: move dm-verity to generic async completion 2017-11-03 22:11:20 +08:00
dm-zero.c
dm-zoned-metadata.c dm: backfill missing calls to mutex_destroy() 2018-01-17 09:16:15 -05:00
dm-zoned-reclaim.c
dm-zoned-target.c dm: backfill missing calls to mutex_destroy() 2018-01-17 09:16:15 -05:00
dm-zoned.h
dm.c dm: correctly handle chained bios in dec_pending() 2018-02-16 10:46:35 -05:00
dm.h dm: move dm_table_destroy() to same header as dm_table_create() 2018-01-17 09:16:06 -05:00
Kconfig dm: add unstriped target 2018-01-17 09:16:00 -05:00
Makefile dm: add unstriped target 2018-01-17 09:16:00 -05:00
md-bitmap.c Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md 2017-11-14 16:07:26 -08:00
md-bitmap.h Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md 2017-11-14 16:07:26 -08:00
md-cluster.c md-cluster: update document for raid10 2017-11-01 21:32:25 -07:00
md-cluster.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
md-faulty.c
md-linear.c
md-linear.h Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md 2017-11-14 16:07:26 -08:00
md-multipath.c md-multipath: Use seq_putc() in multipath_status() 2018-02-17 13:00:35 -08:00
md-multipath.h Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md 2017-11-14 16:07:26 -08:00
md.c md: only allow remove_and_add_spares when no sync_thread running. 2018-02-19 09:40:01 -08:00
md.h md: fix md_write_start() deadlock w/o metadata devices 2018-02-18 10:11:59 -08:00
raid0.c md: remove special meaning of ->quiesce(.., 2) 2017-11-01 21:32:20 -07:00
raid0.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
raid1-10.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
raid1.c md/raid1: Fix trailing semicolon 2018-02-17 12:58:29 -08:00
raid1.h md: document lifetime of internal rdev pointer. 2018-02-18 10:22:27 -08:00
raid5-cache.c raid5-ppl: PPL support for disks with write-back cache enabled 2018-01-15 14:29:42 -08:00
raid5-log.h raid5-ppl: PPL support for disks with write-back cache enabled 2018-01-15 14:29:42 -08:00
raid5-ppl.c raid5-ppl: PPL support for disks with write-back cache enabled 2018-01-15 14:29:42 -08:00
raid5.c md/raid5: simplify uninitialization of shrinker 2018-02-17 12:35:34 -08:00
raid5.h md: document lifetime of internal rdev pointer. 2018-02-18 10:22:27 -08:00
raid10.c md raid10: fix NULL deference in handle_write_completed() 2018-02-19 09:40:36 -08:00
raid10.h md: document lifetime of internal rdev pointer. 2018-02-18 10:22:27 -08:00