From: Shaohua Li Date: Mon, 20 Feb 2017 06:41:27 +0000 (-0800) Subject: md/raid1: fix a use-after-free bug X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=af5f42a7e426a87bfa69adc9b9d8930385a1ddf6;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git md/raid1: fix a use-after-free bug Commit fd76863 (RAID1: a new I/O barrier implementation to remove resync window) introduces a user-after-free bug. Signed-off-by: Shaohua Li
---
diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
index fefbbfdb440b..2e5e4805cbe1 100644
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
@@ -203,6 +203,7 @@ static void free_r1bio(struct r1bio *r1_bio)
 static void put_buf(struct r1bio *r1_bio)
 {
 struct r1conf *conf = r1_bio->mddev->private;
+ sector_t sect = r1_bio->sector;
 int i;
 for (i = 0; i < conf->raid_disks * 2; i++) {
@@ -213,7 +214,7 @@ static void put_buf(struct r1bio *r1_bio)
 mempool_free(r1_bio, conf->r1buf_pool);
- lower_barrier(conf, r1_bio->sector);
+ lower_barrier(conf, sect);
 }
 static void reschedule_retry(struct r1bio *r1_bio)
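Review bot: The new `sect` local in put_buf() carries no comment saying why the sector is copied out, yet the fix depends entirely on that read happening before `mempool_free(r1_bio, conf->r1buf_pool)` in the second hunk. Without a note, a later cleanup could fold the local back into the `lower_barrier()` call and reintroduce the read of an r1_bio that has already been released to the pool. I would add above the declaration `/* r1_bio is returned to r1buf_pool below; read the sector while it is still valid */`. The body of the loop lies between the two hunks and is not shown; from the visible lines `conf` is also loaded up front, so the final call no longer dereferences r1_bio.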