Re: [PATCH v2] md/raid5-ppl: fix use-after-free in ppl_do_flush()

From: Dan Carpenter

Date: Wed Jun 24 2026 - 04:07:58 EST


On Tue, Jun 23, 2026 at 10:42:47PM -0600, Brigham Campbell wrote:
> On Mon Jun 22, 2026 at 8:06 AM MDT, Sajal Gupta wrote:
> > Compile tested only.
>
> It looks like you're on the right track, but this could use some
> testing. My analysis here may be incorrect, but it looks like it should
> be pretty easy to test this patch by compiling and running on a system
> with a RAID5 array, PPL enabled, and no RAID journal. I expect the call
> stack would look something like the following (feel free to correct me,
> anyone...):

Heh... That doesn't sound easy at all. (0_0)

I just left this one because it's not really a big deal. It probably
isn't even a real bug. We increment the refcount in a loop and
then decrement it in another loop. It's not the right way. Sajal's
first approach is the right direction this should go but *that* patch
would require testing.

Adding a break here doesn't require testing because it can't possibly
break anything which is not already broken.

regards,
dan carpenter