From: Jens Axboe <[email protected]>
There is a possibility that a bio will be accessed after it has been freed
on SCSI. It happens if you submit a bio with BIO_SYNC marked and the
auto-unplugging kicks the request_fn, SCSI re-enables interrupts in-between
so if the request completes between the add_request() in __make_request()
and the bio_sync() call, we could be looking at a dead bio. It's a slim
race, but it has been triggered in the Real World.
So assign bio_sync() to a local variable instead.
Signed-off-by: Jens Axboe <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
---
25-akpm/drivers/block/ll_rw_blk.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff -puN drivers/block/ll_rw_blk.c~possible-use-after-free-of-bio drivers/block/ll_rw_blk.c
--- 25/drivers/block/ll_rw_blk.c~possible-use-after-free-of-bio 2005-04-12 03:21:33.400059320 -0700
+++ 25-akpm/drivers/block/ll_rw_blk.c 2005-04-12 03:21:33.405058560 -0700
@@ -2559,7 +2559,7 @@ EXPORT_SYMBOL(__blk_attempt_remerge);
static int __make_request(request_queue_t *q, struct bio *bio)
{
struct request *req, *freereq = NULL;
- int el_ret, rw, nr_sectors, cur_nr_sectors, barrier, err;
+ int el_ret, rw, nr_sectors, cur_nr_sectors, barrier, err, sync;
sector_t sector;
sector = bio->bi_sector;
@@ -2567,6 +2567,7 @@ static int __make_request(request_queue_
cur_nr_sectors = bio_cur_sectors(bio);
rw = bio_data_dir(bio);
+ sync = bio_sync(bio);
/*
* low level driver can indicate that it wants pages above a
@@ -2698,7 +2699,7 @@ get_rq:
out:
if (freereq)
__blk_put_request(q, freereq);
- if (bio_sync(bio))
+ if (sync)
__generic_unplug_device(q);
spin_unlock_irq(q->queue_lock);
_
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
