From: NeilBrown <neilb@suse.de>
Date: Mon, 21 Aug 2006 00:05:26 +0000 (+1000)
Subject: MD: Fix a potential NULL dereference in md/raid1
X-Git-Tag: v2.6.17.11~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dc41bfe271fee237ae41e3cbd8b4789b60da3e53;p=thirdparty%2Fkernel%2Fstable.git

MD: Fix a potential NULL dereference in md/raid1

At the point where this 'atomic_add' is, rdev could be NULL, as seen by
the fact that we test for this in the very next statement.

Further is it is really the wrong place of the add.  We could add to the
count of corrected errors once the are sure it was corrected, not before
trying to correct it.

Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>


diff .prev/drivers/md/raid1.c ./drivers/md/raid1.c
---

diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
index 4070eff6f0f8a..5a5449400acdc 100644
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
@@ -1486,7 +1486,6 @@ static void raid1d(mddev_t *mddev)
 							d = conf->raid_disks;
 						d--;
 						rdev = conf->mirrors[d].rdev;
-						atomic_add(s, &rdev->corrected_errors);
 						if (rdev &&
 						    test_bit(In_sync, &rdev->flags)) {
 							if (sync_page_io(rdev->bdev,
@@ -1509,6 +1508,9 @@ static void raid1d(mddev_t *mddev)
 									 s<<9, conf->tmppage, READ) == 0)
 								/* Well, this device is dead */
 								md_error(mddev, rdev);
+							else
+								atomic_add(s, &rdev->corrected_errors);
+
 						}
 					}
 				} else {