• Jens Axboe's avatar
    [PATCH] possible use-after-free of bio · 4a534f93
    Jens Axboe authored
    There is a possibility that a bio will be accessed after it has been freed
    on SCSI.  It happens if you submit a bio with BIO_SYNC marked and the
    auto-unplugging kicks the request_fn, SCSI re-enables interrupts in-between
    so if the request completes between the add_request() in __make_request()
    and the bio_sync() call, we could be looking at a dead bio.  It's a slim
    race, but it has been triggered in the Real World.
    
    So assign bio_sync() to a local variable instead.
    Signed-off-by: default avatarJens Axboe <axboe@suse.de>
    Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
    4a534f93
ll_rw_blk.c 90.8 KB