On Tue, Apr 01, 2014 at 12:38:51PM +0100, Russell King - ARM Linux wrote:
> Consider what happens when bio_alloc_pages() fails. j starts off as one
> for non-recovery operations, and we enter the loop to allocate the pages.
> j is post-decremented to zero. So, bio = r1_bio->bios[0].
>
> bio_alloc_pages(bio) fails, we jump to out_free_bio. The first thing
> that does is increment j, so we free from r1_bio->bios[1] up to the
> number of raid disks, leaving r1_bio->bios[0] leaked as the r1_bio is
> then freed.

Neil,

Can you please review commit a07876064a0b7 (block: Add bio_alloc_pages)
which seems to have introduced this bug - it seems to have gone in during
the v3.10 merge window, and looks like it was never reviewed from the
attributions on the commit.

The commit message is brief, and inadequately describes the functional
change that the patch has - we go from "get up to RESYNC_PAGES into the
bio's io_vec" to "get all RESYNC_PAGES or fail completely".

Notwithstanding the breakage of the error cleanup paths, is this an
acceptable change of behaviour here?

Thanks.

-- 
FTTC broadband for 0.8mile line: now at 9.7Mbps down 460kbps up... slowly
improving, and getting towards what was expected from it.
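As an added illustration of the leak described in the quoted text (a constructed simulation, not the kernel's raid1.c or bio code): each bio is reduced to a "live" flag, the loop and the `while (++j ...)` cleanup follow the mail's description, and the `fixed` variant is my own sketch of a cleanup that sweeps every bio, not the upstream fix.

```c
#include <stdio.h>

#define MAX_DISKS 8

/* Constructed stand-in for r1_bio->bios[]: 1 while bios[i] is allocated. */
struct sim {
    int live[MAX_DISKS];
    int fail_at;            /* index whose page allocation fails, -1 = never */
};

/* Stand-in for bio_alloc_pages(): non-zero return means failure. */
static int sim_alloc_pages(struct sim *s, int idx)
{
    return idx == s->fail_at ? -1 : 0;
}

/* Returns how many bios are still live after the error path.
 * j_start is 1 for normal resync, raid_disks for recovery (as in the mail).
 * fixed=0 reproduces the described cleanup; fixed=1 frees every bio. */
static int leaked_bios(int raid_disks, int j_start, int fail_at, int fixed)
{
    struct sim s = { .fail_at = fail_at };
    int j, leaked = 0;

    for (j = 0; j < raid_disks; j++)
        s.live[j] = 1;              /* all bios were allocated beforehand */

    j = j_start;
    while (j--) {                   /* post-decrement: first index is j_start-1 */
        if (sim_alloc_pages(&s, j))
            goto out_free_bio;      /* j is the index that failed */
    }
    return 0;                       /* success path: nothing leaked */

out_free_bio:
    if (fixed)
        j = -1;                     /* start the sweep at bios[0] instead */
    while (++j < raid_disks)        /* buggy: pre-increment skips bios[j] */
        s.live[j] = 0;              /* bio_put() */
    for (j = 0; j < raid_disks; j++)
        leaked += s.live[j];
    return leaked;
}

int main(void)
{
    printf("non-recovery, buggy cleanup: %d bio leaked\n", leaked_bios(4, 1, 0, 0)); /* 1 */
    printf("non-recovery, full sweep:    %d bio leaked\n", leaked_bios(4, 1, 0, 1)); /* 0 */
    printf("recovery, fail at 1, buggy:  %d bios leaked\n", leaked_bios(4, 4, 1, 0)); /* 2 */
    return 0;
}
```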