On Wed, Sep 30, 2015 at 04:15:40PM -0700, Shaohua Li wrote: > There are 3 places the raid5-cache dispatches IO. The discard IO error > doesn't matter, so we ignore it. The superblock write IO error can be > handled in MD core. The remaining are log write and flush. When the IO > error happens, we simply fail all raid disks and continue the stripe > state machine. The MD/raid5 core can handle it (for example, mark all > disks faulty, report bio error and so on). This introduces a use after free, which will always report an I/O error when SLAB poisoning is enabled. The following patch needs to be folded into it to fix that: diff --git a/drivers/md/raid5-cache.c b/drivers/md/raid5-cache.c index 430ce5c..8d93af1 100644 --- a/drivers/md/raid5-cache.c +++ b/drivers/md/raid5-cache.c @@ -239,11 +239,11 @@ static void r5l_log_endio(struct bio *bio) struct r5l_log *log = io->log; unsigned long flags; - bio_put(bio); - if (bio->bi_error) r5l_log_io_error(log); + bio_put(bio); + if (!atomic_dec_and_test(&io->pending_io)) return; -- To unsubscribe from this list: send the line "unsubscribe linux-raid" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
