From 4d670db64a7c311e345d9e5c2a865ef02c19ca8f Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Wed, 30 Dec 2020 16:40:55 +0100
Subject: [PATCH] 4.19-stable patches added patches: md-raid10-initialize-r10_bio-read_slot-before-use.patch
---
 ...tialize-r10_bio-read_slot-before-use.patch | 46 +++++++++++++++++++
 queue-4.19/series | 1 +
 2 files changed, 47 insertions(+)
 create mode 100644 queue-4.19/md-raid10-initialize-r10_bio-read_slot-before-use.patch
diff --git a/queue-4.19/md-raid10-initialize-r10_bio-read_slot-before-use.patch b/queue-4.19/md-raid10-initialize-r10_bio-read_slot-before-use.patch
new file mode 100644
index 00000000000..358f4b8cf34
--- /dev/null
+++ b/queue-4.19/md-raid10-initialize-r10_bio-read_slot-before-use.patch
@@ -0,0 +1,46 @@
+From 93decc563637c4288380912eac0eb42fb246cc04 Mon Sep 17 00:00:00 2001
+From: Kevin Vigor
+Date: Fri, 6 Nov 2020 14:20:34 -0800
+Subject: md/raid10: initialize r10_bio->read_slot before use.
+
+From: Kevin Vigor
+
+commit 93decc563637c4288380912eac0eb42fb246cc04 upstream.
+
+In __make_request() a new r10bio is allocated and passed to
+raid10_read_request(). The read_slot member of the bio is not
+initialized, and the raid10_read_request() uses it to index an
+array. This leads to occasional panics.
+
+Fix by initializing the field to invalid value and checking for
+valid value in raid10_read_request().
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Kevin Vigor
+Signed-off-by: Song Liu
+Signed-off-by: Greg Kroah-Hartman
+
+
+---
+ drivers/md/raid10.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/md/raid10.c
++++ b/drivers/md/raid10.c
+@@ -1138,7 +1138,7 @@ static void raid10_read_request(struct m
+ struct md_rdev *err_rdev = NULL;
+ gfp_t gfp = GFP_NOIO;
+
+- if (r10_bio->devs[slot].rdev) {
++ if (slot >= 0 && r10_bio->devs[slot].rdev) {
+ /*
+ * This is an error retry, but we cannot
+ * safely dereference the rdev in the r10_bio,
+@@ -1547,6 +1547,7 @@ static void __make_request(struct mddev
+ r10_bio->mddev = mddev;
+ r10_bio->sector = bio->bi_iter.bi_sector;
+ r10_bio->state = 0;
++ r10_bio->read_slot = -1;
+ memset(r10_bio->devs, 0, sizeof(r10_bio->devs[0]) * conf->copies);
+
+ if (bio_data_dir(bio) == READ)
diff --git a/queue-4.19/series b/queue-4.19/series
index e69de29bb2d..5f9505299d0 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -0,0 +1 @@
+md-raid10-initialize-r10_bio-read_slot-before-use.patch
--
2.47.3
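Review bot: In the backported raid10.c change, the guard `if (slot >= 0 && r10_bio->devs[slot].rdev)` in raid10_read_request() rejects only the -1 sentinel, and nothing at the `r10_bio->read_slot = -1;` assignment in __make_request() records what -1 means. A short comment at the assignment would tie the two sites together, e.g. `/* -1 = no slot chosen yet; raid10_read_request() treats slot >= 0 as an error retry */`. Because the memset in the second inner hunk sizes devs[] by `conf->copies`, an upper-bound test such as `slot < conf->copies` would be cheap defence in depth against a stale index, provided conf is in scope at the guard, which the hunk does not show. Both function bodies extend beyond the hunks, so it cannot be confirmed from here whether every other path that allocates an r10_bio also sets read_slot before a read request is issued.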