Re: Subject: [PATCH 1/1] drivers/md/raid1.c: fix NULL pointer bugin fix_read_error function

From: hank
Date: Wed Sep 12 2012 - 22:28:52 EST


On 09/04/2012 11:07 AM, hank wrote:

> From 0ba5879082544dc3aa13807087563b1258124b1e Mon Sep 17 00:00:00 2001
> From: hank <pyu@xxxxxxxxxx>
> Date: Tue, 4 Sep 2012 10:23:45 +0800
> Subject: [PATCH 1/1] drivers/md/raid1.c: fix NULL pointer bug in
> fix_read_error function
>
> in fix_read_error function, the conf->mirrors[read_disk].rdev may
> become NULL, as in this function, rdev->nr_pending may be zero, anyone
> can delete it. So should check if it is NULL before use.
>
> Signed-off-by: hank <pyu@xxxxxxxxxx>
> ---
> drivers/md/raid1.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
> index 611b5f7..fd8de28 100644
> --- a/drivers/md/raid1.c
> +++ b/drivers/md/raid1.c
> @@ -2005,7 +2005,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk,
> if (!success) {
> /* Cannot read from anywhere - mark it bad */
> struct md_rdev *rdev = conf->mirrors[read_disk].rdev;
> - if (!rdev_set_badblocks(rdev, sect, s, 0))
> + if (!rdev || !rdev_set_badblocks(rdev, sect, s, 0))
> md_error(mddev, rdev);
> break;
> }



Anyone can review this patch? I think it is a bug and should be fixed.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/