diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2015-08-05 11:02:42 +0200 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2015-08-05 11:02:42 +0200 |
| commit | 4e6b6ee253ce58aa156d7f1448d1038679b26783 (patch) | |
| tree | 21347b52110762d3f01fcc20be0c9fa28fd3d8f8 /drivers/md/raid1.c | |
| parent | 9e91edcd1b8b7f12c6484a0b17fb45774354e0b6 (diff) | |
| parent | 49895bcc7e566ba455eb2996607d6fbd3447ce16 (diff) | |
| download | linux-4e6b6ee253ce58aa156d7f1448d1038679b26783.tar.gz linux-4e6b6ee253ce58aa156d7f1448d1038679b26783.tar.xz | |
Merge tag 'md/4.2-rc5-fixes' of git://neil.brown.name/md
Pull md fixes from Neil Brown:
"Three more fixes for md in 4.2
Mostly corner-case stuff.
One of these patches is for a CVE: CVE-2015-5697
I'm not convinced it is serious (data leak from CAP_SYS_ADMIN ioctl)
but as people seem to want to back-port it, I've included a minimal
version here. The remainder of that patch from Benjamin is
code-cleanup and will arrive in the 4.3 merge window"
* tag 'md/4.2-rc5-fixes' of git://neil.brown.name/md:
md/raid5: don't let shrink_slab shrink too far.
md: use kzalloc() when bitmap is disabled
md/raid1: extend spinlock to protect raid1_end_read_request against inconsistencies
Diffstat (limited to 'drivers/md/raid1.c')
| -rw-r--r-- | drivers/md/raid1.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c index 94f5b55069e0..967a4ed73929 100644 --- a/drivers/md/raid1.c +++ b/drivers/md/raid1.c @@ -1476,6 +1476,7 @@ static void error(struct mddev *mddev, struct md_rdev *rdev) { char b[BDEVNAME_SIZE]; struct r1conf *conf = mddev->private; + unsigned long flags; /* * If it is not operational, then we have already marked it as dead @@ -1495,14 +1496,13 @@ static void error(struct mddev *mddev, struct md_rdev *rdev) return; } set_bit(Blocked, &rdev->flags); + spin_lock_irqsave(&conf->device_lock, flags); if (test_and_clear_bit(In_sync, &rdev->flags)) { - unsigned long flags; - spin_lock_irqsave(&conf->device_lock, flags); mddev->degraded++; set_bit(Faulty, &rdev->flags); - spin_unlock_irqrestore(&conf->device_lock, flags); } else set_bit(Faulty, &rdev->flags); + spin_unlock_irqrestore(&conf->device_lock, flags); /* * if recovery is running, make sure it aborts. */ @@ -1568,7 +1568,10 @@ static int raid1_spare_active(struct mddev *mddev) * Find all failed disks within the RAID1 configuration * and mark them readable. * Called under mddev lock, so rcu protection not needed. + * device_lock used to avoid races with raid1_end_read_request + * which expects 'In_sync' flags and ->degraded to be consistent. */ + spin_lock_irqsave(&conf->device_lock, flags); for (i = 0; i < conf->raid_disks; i++) { struct md_rdev *rdev = conf->mirrors[i].rdev; struct md_rdev *repl = conf->mirrors[conf->raid_disks + i].rdev; @@ -1599,7 +1602,6 @@ static int raid1_spare_active(struct mddev *mddev) sysfs_notify_dirent_safe(rdev->sysfs_state); } } - spin_lock_irqsave(&conf->device_lock, flags); mddev->degraded -= count; spin_unlock_irqrestore(&conf->device_lock, flags); |